Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.4

Bug #711 *BACKDOOR* in auth package
Submitted: 2004-02-09 12:31 UTC
From: mahdi dot nadir at viveris dot fr Assigned: mj
Status: Closed Package: Auth
PHP Version: Irrelevant OS: ALL
Roadmaps: (Not assigned)    
Subscription  


 [2004-02-09 12:31 UTC] mahdi dot nadir at viveris dot fr
Description: ------------ in pear/auth/container.php 1.15 (last) and since (1.8). in method verifyPassword() line 85: function verifyPassword($password1, $password2, $cryptType = "md5") { switch ($cryptType) { case "crypt" : return (($password2 == "**" . $password1) || (crypt($password1, $password2) == $password2) ); break; [...] In line 85, uncrypted password (user submited) is compared with crypted password prefixed by '**'. This feature allow any people having the crypted password to get in. Reproduce code: --------------- require('Auth/Container.php'); if (Auth_Container::verifyPassword('foo','**foo','crypt')) echo 'welcome'; else echo 'access denied'; Expected result: ---------------- access denied Actual result: -------------- welcome

Comments

 [2004-02-16 09:03 UTC] lsmith
this sounds like a bug that needs to be addresses ASAP
 [2004-02-16 09:25 UTC] mj
This has been fixed in CVS some days ago.