Full Path Disclosure in password lock
Paragon Initiative Enterprises
Reported by
supernatural
Vulnerability Details
Technical details and impact analysis
Hi,
The password input must be a string, but this is not checked in the PasswordLock lib.
It will throw an exception on the `hash` function call:
`Warning: hash() expects parameter 2 to be string`
So you must validate it in `hashAndEncrypt` and `decryptAndVerify`.
Regards
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Information Disclosure
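
The type check the report asks for, sketched as an added example (not part of the report and not PasswordLock's own code). The function names and the SHA-384 pre-hash step are assumptions made for illustration; the point is that a non-string value is rejected before it reaches `hash()`, so no PHP warning carrying the script path is emitted.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration; hypothetical helper, not the library's API.
 * Rejects non-string input with a controlled exception whose message
 * contains only the offending type, never a file path or the value.
 */
function requireStringPassword($password): string
{
    if (!\is_string($password)) {
        throw new \InvalidArgumentException(
            'Password must be a string, ' . \gettype($password) . ' given.'
        );
    }
    return $password;
}

/** Hypothetical stand-in for a hash-side entry point (assumed SHA-384 pre-hash). */
function prehashAndHash($password): string
{
    $password = requireStringPassword($password);   // validate first
    $digest = \hash('sha384', $password, true);     // now always a string
    return \password_hash(\base64_encode($digest), PASSWORD_DEFAULT);
}

/** Hypothetical stand-in for the verify-side entry point; same guard. */
function prehashAndVerify($password, string $stored): bool
{
    $password = requireStringPassword($password);
    $digest = \hash('sha384', $password, true);
    return \password_verify(\base64_encode($digest), $stored);
}

// Constructed sample inputs: one valid password, three non-string values.
$stored = prehashAndHash('correct horse battery staple');
var_dump(prehashAndVerify('correct horse battery staple', $stored));

foreach ([['not', 'a', 'string'], null, 12345] as $bad) {
    try {
        prehashAndHash($bad);
    } catch (\InvalidArgumentException $e) {
        // Log server-side only; the client gets a generic rejection.
        \error_log($e->getMessage());
        echo "rejected\n";
    }
}
```

Independently of the type check, running production with `display_errors = Off` and `log_errors = On` keeps warning text, including file paths, out of HTTP responses.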