PHP logic error and some == wonkiness

2015.05.04
Credit: Kurt Seifried
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

https://news.ycombinator.com/item?id=9484757 read the entire thread for an ongoing series of "what the heck?". Some examples include: ================= This is well-known PHP-trick. Use === to right result. php > var_dump(md5('240610708') == md5('QNKCDZO')); bool(true) php > var_dump(md5('240610708'), md5('QNKCDZO')); string(32) "0e462097431906509019562988736854" string(32) "0e830400451993494058024219903391" php > var_dump(md5('240610708') === md5('QNKCDZO')); bool(false) php > var_dump("0e462097431906509019562988736854" == "0e830400451993494058024219903391"); bool(true) php > var_dump("0e462097431906509019562988736854" === "0e830400451993494058024219903391"); bool(false) php > var_dump(md5('240610708') === md5('QNKCDZO')); bool(false) php > var_dump(md5('240610708') == md5('QNKCDZO')); bool(true) php > var_dump(md5('240610708') === md5('QNKCDZO')); bool(false) ================= I'm guessing there is more than a bit of code that uses == to compare passwords/etc. Something to be aware of. -- Kurt Seifried -- Red Hat -- Product Security -- Cloud

References:

https://news.ycombinator.com/item?id=9484757
http://seclists.org/oss-sec/2015/q2/356


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top