Vulnerability Information
Vulnerability Title
FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch]
Vulnerability Description
FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 to 00f2f04, the length of the nonce was changed from 40 characters to 64. password_verify() is currently being called with a constructed string (SHA-256 nonce + part of a bcrypt hash) instead of the raw user password. Because bcrypt truncates its input to 72 bytes, this causes password verification to succeed even when the user enters an incorrect password. This vulnerability is fixed in 1.27.2-dev (476e57b). The issue was only present in the edge branch and never in a stable release.
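The following PHP is an added illustration of the bug class in the description above, not FreshRSS code: once the material placed before the entered password reaches 72 bytes, bcrypt never sees the password at all, and the regression check at the end shows the difference between that pattern and verifying the raw password. The function names, the `'hash-frag'` stand-in for "part of a bcrypt hash", the 64-character nonce and the cost setting are assumptions of this example.

```php
<?php
declare(strict_types=1);

const COST = ['cost' => 4];   // low cost keeps the example fast; keep the default in production

// 1. The bcrypt property behind the bug: input bytes after the 72nd are ignored.
function bcryptIgnoresTail(): bool
{
    $a = str_repeat('A', 72) . 'tail-one';
    $b = str_repeat('A', 72) . 'tail-two';
    return password_verify($b, password_hash($a, PASSWORD_BCRYPT, COST));
}

// 2. Vulnerable pattern (assumed layout, not the project's exact code): the value
//    checked is assembled from server-side material (64-char SHA-256 nonce plus a
//    fragment of a hash), so the entered password only ever lands after byte 72.
//    With the earlier 40-char nonce the password would still have fallen inside
//    the first 72 bytes and contributed to the comparison.
function enrolVulnerable(string $nonce, string $password): string
{
    return password_hash($nonce . 'hash-frag' . $password, PASSWORD_BCRYPT, COST);
}
function verifyVulnerable(string $nonce, string $stored, string $entered): bool
{
    return password_verify($nonce . 'hash-frag' . $entered, $stored);
}

// 3. Fixed pattern: verify the raw password against its own bcrypt hash.
function enrolFixed(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, COST);
}
function verifyFixed(string $stored, string $entered): bool
{
    return password_verify($entered, $stored);
}

// Regression check worth keeping in a test suite: the right password must pass
// and a wrong one must fail. It returns false for the vulnerable verifier.
function rejectsWrongPassword(callable $verify): bool
{
    return $verify('correct-password') && !$verify('wrong-password');
}

$nonce       = hash('sha256', 'example-session-nonce');   // constructed, 64 hex chars
$storedVuln  = enrolVulnerable($nonce, 'correct-password');
$storedFixed = enrolFixed('correct-password');

var_dump(bcryptIgnoresTail());
var_dump(rejectsWrongPassword(fn(string $p) => verifyVulnerable($nonce, $storedVuln, $p)));
var_dump(rejectsWrongPassword(fn(string $p) => verifyFixed($storedFixed, $p)));
```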
CVSS Information
N/A
Vulnerability Type
Improper Authentication
Vulnerability Title
FreshRSS authorization vulnerability
Vulnerability Description
FreshRSS is a free, self-hostable RSS aggregator from the FreshRSS open-source project. FreshRSS has an authorization vulnerability that stems from a flaw in its password verification logic and can cause verification to succeed even when the user enters an incorrect password.
CVSS Information
N/A
Vulnerability Type
N/A