Bugtraq mailing list archives
Neoboard 3.0 insecurely creates passwords
From: Jonathan Leto <jonathan () leto net>
Date: Fri, 11 Aug 2000 17:57:38 -0500
Just browsing the code of neoboard_register.php and line 210 is this: if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v'); All passwords are generated with a salt of ".v" . This isn't a huge security hole, but if someone gets to the hashes in your database, it will be a lot easier to crack them. -- jonathan () leto net "With pain comes clarity."
Current thread:
- Neoboard 3.0 insecurely creates passwords Jonathan Leto (Aug 14)
- Re: Neoboard 3.0 insecurely creates passwords Signal 11 (Aug 15)