Shield
CVE-2023-48707
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AnalysisAI
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-312. CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. Affected products include: Codeigniter Shield. Version information: version 1.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Shield is an authentication and authorization framework for CodeIgniter 4. Rated high severity (CVSS 8.8), this vulnerab
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. Rated medium severity (CVSS 6.5),
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. Rated medium severity
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today