What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-27580.

What is the severity of CVE-2023-27580?

The severity of CVE-2023-27580 is high.

What is the affected software version?

The affected software version is CodeIgniter Shield 1.0.0-beta and earlier.

How can I fix the vulnerability?

To fix the vulnerability, you should upgrade to a newer version of CodeIgniter Shield.

Vulnerability/
CVE-2023-27580

high

7.5

CWE

916

13/3/2023

23/3/2023

CVE-2023-27580

First published: Mon Mar 13 2023(Updated: )

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
CodeIgniter Shield	=1.0.0-beta
CodeIgniter Shield	=1.0.0-beta2
CodeIgniter Shield	=1.0.0-beta3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-27580.
What is CodeIgniter Shield?
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework.
What is the severity of CVE-2023-27580?
The severity of CVE-2023-27580 is high.
What is the affected software version?
The affected software version is CodeIgniter Shield 1.0.0-beta and earlier.
How can I fix the vulnerability?
To fix the vulnerability, you should upgrade to a newer version of CodeIgniter Shield.

collector/nvd-index
vendor/codeigniter
canonical/codeigniter shield
version/codeigniter shield/1.0.0-beta
version/codeigniter shield/1.0.0-beta2
version/codeigniter shield/1.0.0-beta3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.