OWASP/phpsec

Issues

• update for phpsec.owasp.org?

  #120 opened 9 years ago by enygma
  39

• confidentialString function uses hard-coded key

  #108 opened 9 years ago by asgrim
  108

• Test

  #62 opened 11 years ago by SamanthaGroves
  0

• need for isUserIdValid() in session library

  #74 opened 11 years ago by mebjas
  5

• Binding ip address with session

  #84 opened 9 years ago by mebjas
  12

• [SECURITY] phpsec user system XSS

  #119 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/user.php - Passwords converted to lower case before hashing

  #118 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/user.php - Timing attack on hash comparison

  #117 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/random.php - Fallback CSPRNG is not CSPRNG

  #116 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/random.php - mcrypt isn't properly error checked

  #115 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/random.php - CSPRNG isn't properly error checked

  #114 opened 9 years ago by AndrewCarterUK
  0

• [SECURITY] phpsec/random.php - CSPRNG isn't used when available

  #113 opened 9 years ago by AndrewCarterUK
  0

• PROJECT NEEDS TO BE SLATED AS INACTIVE

  #109 opened 9 years ago by cscasanovas123
  3

• mail injection prevention

  #83 opened 9 years ago by mebjas
  1

• brute force detection for time based bots

  #85 opened 9 years ago by mebjas
  3

• Flag 'suspicious' activity, with configurable threshold for reaction

  #103 opened 9 years ago by MysterAitch
  0

• HttpRequest accesses the modified $_SERVER without decontaminating values.

  #32 opened 9 years ago by SvenRtbg
  3

• BasicPasswordManagement::hasOrderedCharacters does not involve string encoding

  #50 opened 9 years ago by SvenRtbg
  2

• DownloadManager::downloadSpeed incorrectly html-escapes the downloaded file.

  #60 opened 9 years ago by SvenRtbg
  5

• use of bcrypt as a hashing algo

  #67 opened 9 years ago by rash805115
  1

• Coding Convention contradicts itself.

  #104 opened 10 years ago by hakre
  3

• Library violates all PSR standards because of the coding exceptions made.

  #29 opened 11 years ago by SvenRtbg
  4

• Bad random session ids due to bad Rand::random randomness

  #69 opened 11 years ago by SvenRtbg
  7

• hasKeyboardOrderedCharacters is not localized

  #26 opened 11 years ago by vanderaj
  3

• openssl_random_pseudo_bytes fails if openssl in not available

  #101 opened 11 years ago by mebjas
  2

• Session expires even when user is active

  #78 opened 11 years ago by rash805115
  4

• Last login

  #72 opened 11 years ago by rash805115
  5

• Modification in Rand::randstr() function required

  #89 opened 11 years ago by mebjas
  5

• auto removal of outdated session and their data in some time interval

  #71 opened 11 years ago by rash805115
  25

• The "tabs" vs. "spaces" issue

  #59 opened 11 years ago by SvenRtbg
  9

• HttpRequest::URL() and HttpRequest::ChangeProtocol incorrectly use HttpRequest::ServerName()

  #31 opened 11 years ago by SvenRtbg
  6

• Trailing whitespaces issue

  #90 opened 11 years ago by shivamdixit
  1

• doubt about error handling in session library

  #82 opened 11 years ago by mebjas
  2

• Question : Session

  #80 opened 11 years ago by paulocmguerreiro
  3

• Question: Rand Library

  #75 opened 11 years ago by paulocmguerreiro
  1

• user::resetPassword() is a DoS waiting to happen

  #27 opened 11 years ago by vanderaj
  9

• user::rememberMe() review

  #28 opened 11 years ago by vanderaj
  4

• AdvancePasswordManagement::isBruteForce() is not correctly implemented

  #63 opened 11 years ago by shivamdixit
  1

• Hashing Algo and Concat of hash+dynamic salt

  #66 opened 11 years ago by rash805115
  12

• overhead in session library?

  #68 opened 11 years ago by mebjas
  11

• Storing static salt in database

  #65 opened 11 years ago by shivamdixit
  1

• Run static parser to check for "o/p" in the code and replace with echof

  #55 opened 11 years ago by rash805115
  0

• remove date_default_timezone_set() from Time class

  #56 opened 11 years ago by rash805115
  1

• confidentialString incorrectly converts the string back to its original value.

  #53 opened 11 years ago by SvenRtbg
  25

• confidentialString incorrectly modifies the code.

  #52 opened 11 years ago by SvenRtbg
  3

• call-time-pass-by-reference is used

  #49 opened 11 years ago by SvenRtbg
  3

• Scanner Parser

  #48 opened 11 years ago by abiusx
  9

• HttpRequest::portReadable() does not return a value

  #30 opened 11 years ago by SvenRtbg
  16

• \phpsec\confidentialString() function is declared twice in the codebase.

  #33 opened 11 years ago by SvenRtbg
  7

• Several occurances of "<br>" inside the exception message string.

  #35 opened 11 years ago by SvenRtbg
  2