ID CVE-2023-0567
Summary In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:8.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.6:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.3:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.8:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.10:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.11:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.12:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.13:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.14:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.14:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.15:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.15:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.16:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.16:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.17:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.17:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.18:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.18:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.19:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.19:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.20:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.23:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.23:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.24:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.24:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.25:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.25:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.26:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.26:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.27:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:8.0.27:rc1:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-916
CAPEC
  • Rainbow Table Password Cracking
    An attacker gets access to the database table where hashes of passwords are stored. He then uses a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system. A password rainbow table stores hash chains for various passwords. A password chain is computed, starting from the original password, P, via a reduce (compression) function R and a hash function H. A recurrence relation exists where X_{i+1} = R(H(X_i)), X_0 = P. Then the hash chain of length n for the original password P can be formed: X_1, X_2, X_3, ..., X_{n-2}, X_{n-1}, X_n, H(X_n). P and H(X_n) are then stored together in the rainbow table. Constructing the rainbow tables takes a very long time and is computationally expensive. A separate table needs to be constructed for the various hash algorithms (e.g. SHA1, MD5, etc.). However, once a rainbow table is computed, it can be very effective in cracking passwords that have been hashed without the use of salt.
Access
Vector  Complexity  Authentication
Impact
Confidentiality  Integrity  Availability
Last major update 10-03-2023 - 17:32
Published 01-03-2023 - 08:15
Last modified 10-03-2023 - 17:32