You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'd like to report a potential authentication bypass problem using loose comparison.
In monstra/admin/index.php:38, the password checking is currently using loose comparison (==) instead of strict. However, the password in monstra is computed usingmd5 functions in monstra/engine/Security.php:98, which suffers from magic hash problem. If the hash value starts from 0e, which will be treated as 0 during the comparison. An attacker can bypass the authentication using a crafted password with similar hash value.
This problem also appears in other parts of monstra. For example, the plugin box has a similar issue.
This can be easily fixed via strict comparison(===).
Hi, I'd like to report a potential authentication bypass problem using loose comparison.
In monstra/admin/index.php:38, the password checking is currently using loose comparison (==) instead of strict. However, the password in monstra is computed using
md5functions in monstra/engine/Security.php:98, which suffers from magic hash problem. If the hash value starts from0e, which will be treated as 0 during the comparison. An attacker can bypass the authentication using a crafted password with similar hash value.This problem also appears in other parts of monstra. For example, the plugin box has a similar issue.
This can be easily fixed via strict comparison(===).
Reference to magic hash
The text was updated successfully, but these errors were encountered: