CVE-2020-23355

Published: Jan 27, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.

Affected (1)

Products: Codiad: Codiad

Codiad

1 product

Codiad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codiad Codiad	Version 2.8.4

References (2)

https://github.com/Codiad/Codiad/issues/1121

Source: cve@mitre.org

Third Party Advisory

https://github.com/Codiad/Codiad/issues/1121

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.