if (empty($_POST['password']) || $_POST['password'] != $_POST['password_check']) {
It also uses a loose comparison. The functionality might not perform correctly for the password rechecking in the magic strings cases. For example, "0e11" and "0e22" shall be equal under loose comparison, but actually they are not.
The text was updated successfully, but these errors were encountered:
[lists/index.php:145]
phplist3/public_html/lists/index.php
Line 145 in d0a0107
Here is another [example].
phplist3/public_html/lists/index.php
Line 148 in d0a0107
A similar CVE can be found CVE-2020-8547 and here
In addition, in
phplist3/public_html/lists/admin/subscribelib2.php
Line 143 in d0a0107
It also uses a loose comparison. The functionality might not perform correctly for the password rechecking in the magic strings cases. For example, "0e11" and "0e22" shall be equal under loose comparison, but actually they are not.
The text was updated successfully, but these errors were encountered: