Read Time:9 Second
It was discovered that PHP incorrectly handled certain invalid Blowfish
password hashes. An invalid password hash could possibly allow applications to
accept any password as valid, contrary to expectations.