allow attackers to compromise user accounts, WhiteHat Security's Robert
Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash'
vulnerability.
A
weakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
Robert Hansen, vice president of WhiteHat, describes the issue as oneweakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
that affects any website that uses two specific types of operators for
comparing hashes in PHP.
The issue mostly affects authentication, but it could also effect
"forgot password" flows, nonces, binary checking, cookies, and
passwords, among other things, Hansen, aka RSnake, told Dark Reading.
"It totally depends on the website, and how it's constructed." More...
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
No comments:
Post a Comment