High severityNVD Advisory· Published Jan 27, 2021· Updated Aug 4, 2024
CVE-2020-23355
CVE-2020-23355
Description
PRODUCT NOT SUPPORTED WHEN ASSIGNED Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
codiad/codiadPackagist | <= 2.8.4 | — |
Affected products
2- Codiad/Codiaddescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-8fhh-hf9w-55p7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-23355ghsaADVISORY
- github.com/Codiad/Codiad/issues/1121ghsax_refsource_MISCWEB
- web.archive.org/web/20160722013412/https://www.whitehatsec.com/blog/magic-hashesghsaWEB
News mentions
0No linked articles in our index yet.