GSD-2022-1002522

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002522.json
Published
2022-05-24T17:10:11.663637Z
Modified
2022-05-24T17:10:11.663637Z
Details

In PHP phpass version 0.3.x-dev, 0.3.x a backdoor exists in the phpass package that can be attacked via malicious package update resulting in credential theft

References

Affected packages

GSD / phpass

phpass

Affected ranges

Affected versions

0.*

0.3.x-dev, 0.3.x