Search for vulnerabilities
Vulnerability details: VCID-2r8t-929k-aaaf
Vulnerability ID VCID-2r8t-929k-aaaf
Aliases CVE-2023-0567
Summary In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-916 Use of Password Hash With Insufficient Computational Effort
CWE-328 Use of Weak Hash
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-0567
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.2 https://nvd.nist.gov/vuln/detail/CVE-2023-0567
cvssv3.1 6.2 https://nvd.nist.gov/vuln/detail/CVE-2023-0567
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json
https://api.first.org/data/v1/epss?cve=CVE-2023-0567
https://bugs.php.net/bug.php?id=81744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4
https://security.netapp.com/advisory/ntap-20230331-0008/
1031368 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368
2170771 https://bugzilla.redhat.com/show_bug.cgi?id=2170771
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
CVE-2023-0567 https://nvd.nist.gov/vuln/detail/CVE-2023-0567
GLSA-202408-32 https://security.gentoo.org/glsa/202408-32
RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387
RHSA-2024:10952 https://access.redhat.com/errata/RHSA-2024:10952
USN-5902-1 https://usn.ubuntu.com/5902-1/
USN-6053-1 https://usn.ubuntu.com/6053-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0567
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0567
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06302
EPSS Score 0.00034
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.