cve-2023-0567

Laravel Tech Community

Mar 13, 2023 · Information Security

PHP password_verify() Validation Error Vulnerability (CVE-2023-0567)

The PHP password_verify() function suffers a validation error vulnerability in certain versions where a "$" character in the BCrypt salt triggers a buffer over‑read, allowing any password to be accepted as valid and potentially enabling password‑less logins.