CVE-2024-34914 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-34914

CVE-2024-34914

May 14, 2024

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2024-34914

https://chmod744.super.site/redacted-vulnerability

https://github.com/php-censor/php-censor

https://github.com/php-censor/php-censor/commit/7b011d1b60f543e6ed814315a285cc80074d12e5

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Use of Weak Hash

CWE-328

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

EPSS

Base Score:

0.08

Products

Solutions

Resources

Company

Compare

Developer Tools