Incorrect Comparison
CVE-2020-23359
Summary
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
References
Advisory Timeline
- Published