VYPR

Shield

by Codeigniter

Source repositories

CVEs (4)

  • CVE-2023-27580HigMar 13, 2023
    risk 0.42cvss 7.5epss 0.01

    CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the…

  • CVE-2022-35943MedAug 12, 2022
    risk 0.31cvss 5.9epss 0.00

    Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html)…

  • CVE-2023-48708MedNov 24, 2023
    risk 0.26cvss 5.0epss 0.01

    CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw…

  • CVE-2023-48707MedNov 24, 2023
    risk 0.26cvss 5.0epss 0.00

    CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the…