VYPR

Packagist (Composer) package

codeigniter4/shield

pkg:composer/codeigniter4/shield

Vulnerabilities (4)

  • CVE-2023-48707Nov 24, 2023
    affected < 1.0.0-beta.8fixed 1.0.0-beta.8

    CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the da

  • CVE-2023-48708Nov 24, 2023
    affected < 1.0.0-beta.8fixed 1.0.0-beta.8

    CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token

  • CVE-2023-27580Mar 13, 2023
    affected < 1.0.0-beta.4fixed 1.0.0-beta.4

    CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vuln

  • CVE-2022-35943Aug 12, 2022
    affected >= 1.0.0-beta, < 1.0.0-beta.2fixed 1.0.0-beta.2

    Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechani