gbirke
commented
4 years ago Thank you for pointing this out!
The issue was fixed in Version 2.0
Closed SecGus closed 4 years ago
gbirke
commented
4 years ago Thank you for pointing this out!
The issue was fixed in Version 2.0
Hello!
This plugin seems to have a type juggling vulnerability that could result in a conditional always returning true. This is due to the use of a weak comparison, instead of a strict one.
I came across this after playing with a CMS that uses the plugin, known as "GRAV" CMS.
Here you can see the vulnerable line:
if($username == $_POST['username'] && $password == $_POST['password']) {Which exists in the file: /birke/rememberme/example/action.php:
Since this is a weak comparison, it does not check types, and will return true if:
Let me know if further details are required. An example fix would simply be replacing the "==" with "===".