Security Advisory

CVE-2020-23356

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-27 15:27:03

Last updated 2024-08-04 14:58:15

Assigner mitre

State PUBLISHED

Description

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

← Browse all CVEs View on cve.org ↗