Closed Areizen closed 2 years ago
The following code snippet in calendar.php could allow an attacker to bypass the login.
if(!$user || $user->password != md5($password)) return false;
Explanation: If a user's password MD5 starts with 0e, an attacker can connect to the website by using any text whose MD5 starts with 0e, since PHP will compare ints instead of the full strings, and 0e123... == 0e23... == 0
You should prefer using this:
if(!$user || $user->password !== md5($password))
Thanks, this change will be included in 2.0.13
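The comparison discussed in this issue, as an added example that is not part of the original report or the project's code: it runs the reported loose check, the proposed strict check and PHP's hash_equals() against a constructed user record, and adds a small audit helper for stored digests. The function names, the $user record and the two sample inputs (widely published strings whose MD5 digests are "0e" followed only by digits) are assumptions made for the example.

```php
<?php
// Added example; the user record and sample inputs are constructed.
// The stored value is the MD5 of a password whose digest is "0e" + digits.
$user = (object) ['password' => md5('240610708')];

// Check as reported in the issue: loose comparison. Two numeric-looking
// strings are compared as numbers, so "0e<digits>" on both sides is 0 == 0.
function check_loose(object $user, string $password): bool
{
    return $user->password == md5($password);
}

// Check as proposed in the issue: strict comparison, no type juggling.
function check_strict(object $user, string $password): bool
{
    return $user->password === md5($password);
}

// Same result as the strict check, but compared in constant time.
function check_hash_equals(object $user, string $password): bool
{
    return hash_equals($user->password, md5($password));
}

// Audit helper: flags a stored digest that PHP reads as a number in
// exponent notation, i.e. one that the loose check would treat as 0.
function is_exponent_form_digest(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

// A different input whose MD5 also has the "0e" + digits form.
$other = 'QNKCDZO';

printf("stored digest: %s\n", $user->password);
printf("other digest:  %s\n", md5($other));
printf("stored digest flagged by audit: %s\n",
    var_export(is_exponent_form_digest($user->password), true));

$checks = ['check_loose', 'check_strict', 'check_hash_equals'];
foreach ($checks as $check) {
    printf("%-18s correct password: %-5s other input: %s\n",
        $check,
        var_export($check($user, '240610708'), true),
        var_export($check($user, $other), true));
}
```

Running is_exponent_form_digest() over the stored password column shows which existing accounts were exposed to the loose comparison before the fix.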