Home > Vulnerability Database > CVE-2023-0567

Mend.io Vulnerability Database

CVE-2023-0567

Date: February 16, 2023

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

Language: C

Severity Score

7.7

Related Resources (7)

Url: https://security.netapp.com/advisory/ntap-20230331-0008/

Url: https://access.redhat.com/security/cve/CVE-2023-0567

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0567

Url: https://bugs.php.net/bug.php?id=81744

Url: https://security-tracker.debian.org/tracker/CVE-2023-0567

Url: https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4

Url: https://www.mend.io/vulnerability-database/CVE-2023-0567

Severity Score

7.7

Weakness Type (CWE)

Use of Password Hash With Insufficient Computational Effort

CWE-916

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0567

Date: February 16, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?