Skip to main content

Incorrect Comparison

CVE-2020-23359

Severity High
Score 9.8/10

Summary

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory Timeline

  • Published