| ID | CVE-2024-3096 | ||||||
| Sažetak | In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. | ||||||
| Reference |
|
||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | ||||||
| Zadnje važnije ažuriranje | 18-06-2025 - 21:10 | ||||||
| Objavljeno | 29-04-2024 - 04:15 |
