Incorrect Comparison
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-697: Incorrect Comparison |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Comparing MD5 hashes with `==` instead of `===` in PHP can give unexpected results because of type juggling: when both operands look like numbers, PHP compares them numerically rather than as strings. Values that should not match can then be treated as equal, which creates a security risk.
Impact
An attacker could exploit loose comparisons to bypass authentication or validation checks by crafting inputs that generate ‘magic’ hash values. This could lead to unauthorized access or compromise of sensitive data in your application.
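The flagged pattern beside its corrected form, as an added example that is not part of the original rule page. The function names are hypothetical and the two hash-shaped strings are constructed sample values, not the MD5 of any particular input.

```php
<?php
declare(strict_types=1);

// Constructed sample values: 32 characters, "0e" followed by 30 digits.
// They only have the shape of an MD5 hex digest that PHP reads as a number.
$stored   = '0e' . str_repeat('1', 30);
$supplied = '0e' . str_repeat('7', 30);

// Flagged pattern. Both operands are numeric strings, so `==` converts them
// to floats in scientific notation (0 * 10^n) and compares 0.0 with 0.0.
// strict_types does not change this; it only affects typed function arguments.
function loose_match(string $a, string $b): bool
{
    return $a == $b;
}

// Corrected form. hash_equals() compares the two strings byte for byte and
// in constant time. `$a === $b` also avoids the type juggling, but without
// the timing-safe property.
function strict_match(string $a, string $b): bool
{
    return hash_equals($a, $b);
}

// Audit helper (hypothetical): reports whether a stored hex digest would be
// read as a number by a loose comparison, i.e. zeros, "e", then digits only.
function is_juggling_prone(string $hexDigest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $hexDigest) === 1;
}

// The two digests differ, yet only the strict comparison rejects them.
var_dump(loose_match($stored, $supplied));
var_dump(strict_match($stored, $supplied));

// A digest containing any hex letter other than the single "e" is not
// numeric, so a loose comparison falls back to a string comparison for it.
var_dump(is_juggling_prone($stored));
var_dump(is_juggling_prone('0e' . str_repeat('a', 30)));
```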