CVE-2020-23356

Name of the Vulnerable Software and Affected Versions nibbleblog version 3.7.1c

Description The issue allows for a login bypass due to type juggling in password hashes. This occurs because the code uses == instead of === for comparing password hashes, which can mishandle hashes starting with '0e' followed by numerical characters.

Recommendations For nibbleblog version 3.7.1c, consider updating the login.class.php file to use === for password hash comparisons instead of == to prevent type juggling attacks. As a temporary workaround, restrict access to the login.class.php file to minimize the risk of exploitation.