In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. 
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2023-02-16T06:15:50.127Z

Updated: 2024-08-02T05:17:50.104Z

Reserved: 2023-01-29T07:45:55.380Z

Link: CVE-2023-0567

cve-icon Vulnrichment

Updated: 2024-07-31T20:13:47.480Z

cve-icon NVD

Status : Modified

Published: 2023-03-01T08:15:11.530

Modified: 2024-08-01T16:35:02.767

Link: CVE-2023-0567

cve-icon Redhat

Severity : Low

Publid Date: 2023-02-15T00:00:00Z

Links: CVE-2023-0567 - Bugzilla