CVE-2023-48708: 
PHP vulnerability analysis and mitigation

CodeIgniter Shield, an authentication and authorization provider for CodeIgniter 4, was found to have a security vulnerability (CVE-2023-48708) where successful login attempts were recorded with raw tokens stored in the log table. The vulnerability was discovered and disclosed on November 24, 2023, affecting versions prior to 1.0.0-beta.8. The issue impacts the authentication system when using AccessTokens, JWT, or HmacSha256 authenticators (GitHub Advisory).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File). When successful login attempts are logged, the system stores raw authentication tokens in the authtokenlogins table. The vulnerability has a CVSS v3.1 base score of 6.5 MEDIUM (NIST) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, though GitHub assessed it as 5.0 MEDIUM with vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N (NVD).

If a malicious actor gains access to the log table, they can obtain the raw tokens stored within it. These tokens can then be used to make unauthorized requests with the legitimate user's authority, potentially compromising the security of the affected system (GitHub Advisory).

The issue has been patched in version 1.0.0-beta.8. Users are advised to upgrade to this version or later. For those unable to upgrade immediately, a workaround is available by disabling logging for successful login attempts in the configuration files. For AccessTokens or HmacSha256, set Config\AuthToken::$recordLoginAttempt to Auth::RECORDLOGINATTEMPTFAILURE or Auth::RECORDLOGINATTEMPTNONE. For JWT, set Config\AuthJWT::$recordLoginAttempt to Auth::RECORDLOGINATTEMPTFAILURE or Auth::RECORDLOGINATTEMPTNONE (GitHub Advisory).