GSD-2022-1002522

See a problem?
Please try reporting it to the source first.

Source

https://data.gsd.id/GSD-2022-1002522

Import Source

https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002522.json

JSON Data

https://api.osv.dev/v1/vulns/GSD-2022-1002522

Withdrawn

2023-03-14T07:01:09.291903Z

Published

2022-05-24T17:10:11.663637Z

Modified

2023-03-14T07:01:09.291903Z

Summary

backdoor in phpass version 0.3.x-dev, 0.3.x

Details

In PHP phpass version 0.3.x-dev, 0.3.x a backdoor exists in the phpass package that can be attacked via malicious package update resulting in credential theft

References

https://sockpuppets.medium.com/how-i-hacked-ctx-and-phpass-modules-656638c6ec5e
https://isc.sans.edu/diary/28678
https://github.com/github/advisory-database/issues/325
https://status.python.org/incidents/s8vm6pwr46c2
https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk

GSD-2022-1002522

Affected packages