How severe is CVE-2023-27580?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-27580?

This is classified as CWE-916, which is a common weakness in software security.

CVE-2023-27580 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.

Related Vulnerabilities

CVE-2017-11131

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA...

CWE-9162017

CVE-2022-47557

MEDIUM

CVSS:6.1(Medium)

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to...

CWE-9162022

CVE-2006-1058

MEDIUM

CVSS:5.5(Medium)

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CWE-9162006

CVE-2014-0083

MEDIUM

CVSS:5.5(Medium)

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

CWE-9162014

CVE-2018-13811

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file an...

CWE-9162018

CVE-2020-10040

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve...

CWE-9162020