{ "threat_severity" : "Low", "public_date" : "2024-04-12T00:00:00Z", "bugzilla" : { "description" : "php: password_verify can erroneously return true, opening ATO risk", "id" : "2275061", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275061" }, "cvss3" : { "cvss3_base_score" : "4.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-626", "details" : [ "In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.", "A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash starts with a null byte (\\x00), testing a blank string as the password via password_verify will incorrectly return true. If a user can create a password with a leading null byte (unlikely, but syntactically valid), an attacker could trivially compromise the victim's account by attempting to sign in with a blank string." ], "statement" : "The identified issue with password_verify treating a null byte (\\x00) at the beginning of a stored hash as the end of the string, leading to incorrect verification of a blank password, is categorized as low severity due to its narrow exploitability and specific conditions required for successful exploitation. The presence of a null byte in the password is uncommon and unlikely to occur under normal user input or system-generated password scenarios. Additionally, modern web applications typically employ input validation and strict password policies that would prevent the creation of passwords with null byte prefixes.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-12-11T00:00:00Z", "advisory" : "RHSA-2024:10951", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "php:8.2-8100020241112130045.f7998665" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-12-11T00:00:00Z", "advisory" : "RHSA-2024:10952", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "php:7.4-8100020241113075828.f7998665" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-12-11T00:00:00Z", "advisory" : "RHSA-2024:10949", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "php:8.2-9050020241112094217.9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-12-11T00:00:00Z", "advisory" : "RHSA-2024:10950", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "php:8.1-9050020241112144108.9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "php-0:8.0.30-2.el9" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "php:8.0/php", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-3096\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3096\nhttps://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr" ], "name" : "CVE-2024-3096", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }