CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugs.php.net/bug.php?id=81744	Vendor Advisory
https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

10 Mar 2023, 17:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:php:php::::::::
CWE		CWE-916
References	~~(MISC) https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4 -~~	(MISC) https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4 - Exploit, Vendor Advisory
References	~~(MISC) https://bugs.php.net/bug.php?id=81744 -~~	(MISC) https://bugs.php.net/bug.php?id=81744 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.2

01 Mar 2023, 13:45

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-01 08:15

Updated : 2024-08-01 16:35

NVD link : CVE-2023-0567

Mitre link : CVE-2023-0567

CVE.ORG link : CVE-2023-0567

JSON object : View

Products Affected

php

php

CWE

CWE-916

Use of Password Hash With Insufficient Computational Effort

{"id": "CVE-2023-0567", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-03-01T08:15:11.530", "references": [{"url": "https://bugs.php.net/bug.php?id=81744", "tags": ["Vendor Advisory"], "source": "security@php.net"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4", "tags": ["Exploit", "Vendor Advisory"], "source": "security@php.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-916"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.\u00a0\n\n"}], "lastModified": "2024-08-01T16:35:02.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCCD85D-5679-42EE-B6C6-A9A309E2B4BC", "versionEndExcluding": "8.0.28", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDC7B443-3E3C-4888-AC9B-7415D2C5C059", "versionEndExcluding": "8.1.16", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C14298C-48A4-4FD8-BFA0-808CF935490B", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}