Peng-Hui

**Name of the Vulnerable Software and Affected Versions** Codiad version 2.8.4 **Description** The issue concerns a magic hash authentication bypass vulnerability. It affects the Authenticate() function in the class.user.php file. Specifically, if the encrypted or hash value for passwords matches certain formats of magic hash, such as 0e123, another hash value like 0e234 can successfully authenticate. This allows for unauthorized access. **Recommendations** For Codiad version 2.8.4, as a temporary workaround, consider disabling the Authenticate() function in the class.user.php file until a patch is available. Restrict access to the `/componetns/user/class.user.php` endpoint to minimize the risk of exploitation. Avoid using the `0e123` and `0e234` hash values in the affected authentication process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nibbleblog version 3.7.1c **Description** The issue allows for a login bypass due to type juggling in password hashes. This occurs because the code uses `==` instead of `===` for comparing password hashes, which can mishandle hashes starting with '0e' followed by numerical characters. **Recommendations** For nibbleblog version 3.7.1c, consider updating the `login.class.php` file to use `===` for password hash comparisons instead of `==` to prevent type juggling attacks. As a temporary workaround, restrict access to the `login.class.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WeBid version 1.2.2 **Description** The issue arises from a loose comparison used to check the identicalness of two passwords during registration in the admin/newuser.php file. This allows two non-identical passwords to bypass the check. **Recommendations** For WeBid version 1.2.2, consider modifying the password comparison function to use a strict comparison to ensure that only identical passwords are accepted during registration. As a temporary workaround, consider implementing additional validation checks on the `password` and `confirm password` variables to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** oscommerce version 2.3.4.1 **Description** The issue concerns a functional problem in user registration and password rechecking. Specifically, a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password reset.php API endpoints. This allows for potential unauthorized access. **Recommendations** For oscommerce version 2.3.4.1, as a temporary workaround, consider disabling the password rechecking functionality in the affected API endpoints until a patch is available. Restrict access to the /catalog/admin/administrators.php and /catalog/password reset.php endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.