PT-2023-21223 · Unknown · Codeigniter Shield

Lonnieezell · Published 2023-03-13 · Updated 2023-03-23 · CVE-2023-27580

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CodeIgniter Shield versions 1.0.0-beta.3 and earlier

Description

An improper implementation was found in the password storage process, making all hashed passwords stored in affected versions easier to crack than expected. If an attacker obtains both the user's hashed password and the hashed password (an unsalted SHA-384 hash) from another source, they may easily crack the user's password.

Recommendations

Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users' hashed passwords should be updated (saved to the database).

Related Identifiers

CVE-2023-27580
GHSA-C5VJ-F36Q-P9VG

Affected Products

Codeigniter Shield