In PHP version 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
oss-sec
mailing list archives
PHP security releases 8.1.28, 8.2.18, & 8.3.6
From: Alan Coopersmit ...
SHIFU is a command-line tool for fetching Common Vulnerabilities and Exposures (CVE) information.
SHIFU - CVE Finder Toolkit
Introduction
SHIFU is a comprehensive and powerful toolkit designed to streamline the process of finding detailed information about Common Vulnerabilities and Exposures (CVEs). Developed with security professionals, system administrators, and developers in mind, SHIFU offers a wide range of features and capabilities to simplify CVE research and analys