Use of Wrong Operator in String Comparison in erikdubbelboer/phpredisadmin
Valid
Reported on
Oct 5th 2021
Description
$response is a salted MD5 hash generated from the concatenated hashes of the credentials and other request parameters. It has been discovered that $response is compared with $data['response'] using the loose comparison operator != in the file login.inc.php. This can cause unexpected behaviour due to PHP type juggling: when both operands are numeric-looking strings, for example an MD5 hex digest of the form 0e followed only by digits, != compares them as numbers (both evaluate to 0) rather than as strings, so two different digests, or a digest and the literal string "0", are treated as equal. A magic-hash attack exploits this to weaken the hash check and could be leveraged to bypass authentication. Note that the comparison only misbehaves when the server-side $response itself happens to be such a numeric-looking string.
Impact
This vulnerability can be leveraged to bypass authentication.
Remediation
Use the strict comparison operator !== instead (or hash_equals(), which is both type-safe and constant-time).
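The following is an added example illustrating the loose-comparison problem described above and the strict fix recommended here; it is not code from this report or from phpRedisAdmin. It assumes the two well-known public preimages 240610708 and QNKCDZO, whose MD5 hex digests both start with 0e and continue with digits only, so PHP treats them as the numeric string 0e<n> (equal to 0) when both sides of == or != are numeric strings. The function names login_loose and login_strict are hypothetical stand-ins for the check in login.inc.php.

```php
<?php
// Added example (not phpRedisAdmin's own code): how PHP's loose comparison
// treats "magic" MD5 digests, and why != on a digest is unsafe.
//
// Assumption: '240610708' and 'QNKCDZO' are the well-known public preimages
// whose MD5 hex digests have the form 0e<digits only>. PHP parses such a
// string as a float in scientific notation (0 * 10^n == 0) whenever both
// operands of == / != are numeric strings.

// Shape of the reported check: loose comparison of the computed digest
// against the client-supplied one (hypothetical stand-in for login.inc.php).
function login_loose(string $response, string $supplied): bool
{
    if ($response != $supplied) {   // type-juggling comparison
        return false;
    }
    return true;
}

// Hardened check: hash_equals() never juggles types and compares in
// constant time, so it also removes the timing side channel of !==.
function login_strict(string $response, string $supplied): bool
{
    if (!hash_equals($response, $supplied)) {
        return false;
    }
    return true;
}

$serverDigest = md5('240610708');  // magic: 0e followed by digits only
$attacker     = md5('QNKCDZO');    // a different magic digest
$normalDigest = md5('password');   // ordinary digest containing hex letters

printf("server digest   : %s\n", $serverDigest);
printf("attacker digest : %s\n", $attacker);
printf("normal digest   : %s\n", $normalDigest);

$show = static fn(bool $ok): string => $ok ? 'AUTHENTICATED' : 'denied';

// Both magic digests are numeric strings equal to zero, so != sees no difference.
printf("loose,  magic  vs magic : %s\n", $show(login_loose($serverDigest, $attacker)));
// The attacker does not even need a second digest: the literal "0" is also == 0.
printf("loose,  magic  vs \"0\"   : %s\n", $show(login_loose($serverDigest, '0')));
// An ordinary digest is not a numeric string, so == falls back to byte comparison.
printf("loose,  normal vs \"0\"   : %s\n", $show(login_loose($normalDigest, '0')));
// Strict comparison rejects every forged value and accepts only the exact digest.
printf("strict, magic  vs magic : %s\n", $show(login_strict($serverDigest, $attacker)));
printf("strict, magic  vs \"0\"   : %s\n", $show(login_strict($serverDigest, '0')));
printf("strict, exact match     : %s\n", $show(login_strict($serverDigest, $serverDigest)));
```

Run it with the PHP CLI (for example php magic_hash_demo.php, the filename being an assumption). The loose path authenticates the forged values only because the server-side digest is itself numeric-looking; an attacker cannot choose that digest directly, so exploitability depends on how much of the digest input the client controls. The strict path is safe regardless of what the digest looks like.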
Occurrences
login.inc.php#L59

We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back. The report has been validated. The fix bounty has been dropped. This vulnerability will not receive a CVE.