Bugtraq mailing list archives
Re: Neoboard 3.0 insecurely creates passwords
From: Signal 11 <signal11 () MEDIAONE NET>
Date: Mon, 14 Aug 2000 14:05:05 -0500
All passwords are generated with a salt of ".v". This isn't a huge security hole, but if someone gets to the hashes in your database, it will be a lot easier to crack them.
This is particularly objectionable because PHP will happily generate a random salt by simply omitting one. The only reason one should specify a salt is when encrypting a password to compare it to the one in the database. Just extract the first two letters from the string and pass that to the crypt function - you can do all of it on one line. :/
~ Signal 11
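The check described in the message above, next to the effect of the fixed ".v" salt, as an added PHP example that is not code from Neoboard or from the post. Function names and the sample password are constructed; the salt is generated explicitly because PHP 8 made the salt argument of crypt() mandatory.

```php
<?php
// Added illustration: helper names and sample data are constructed.

// Alphabet allowed in a traditional two-character DES crypt salt.
const SALT_CHARS = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Draw a fresh two-character salt for every new password.
function random_des_salt(): string {
    $max = strlen(SALT_CHARS) - 1;
    return SALT_CHARS[random_int(0, $max)] . SALT_CHARS[random_int(0, $max)];
}

// Hash for storage; crypt() writes the salt as the first two characters
// of its output, so nothing else has to be stored alongside the hash.
function hash_password(string $password): string {
    return crypt($password, random_des_salt());
}

// Verify a login attempt: take the salt back out of the stored hash,
// re-hash the candidate with it, and compare in constant time.
function check_password(string $candidate, string $stored): bool {
    $salt = substr($stored, 0, 2);
    return hash_equals($stored, crypt($candidate, $salt));
}

// Constructed sample: two accounts that picked the same password.
$password = 'letmein';

// Fixed salt, as in the report: both rows hold the same hash, so one
// cracked entry (or one precomputed table for ".v") covers every user.
$fixedA = crypt($password, '.v');
$fixedB = crypt($password, '.v');
printf("fixed salt, hashes identical:  %s\n", var_export($fixedA === $fixedB, true));

// Per-password salt: the two rows differ unless the same salt happens
// to be drawn twice (1 in 4096), so each hash has to be attacked alone.
$randA = hash_password($password);
$randB = hash_password($password);
printf("random salt, hashes identical: %s\n", var_export($randA === $randB, true));

// Verification still works because the salt travels with the hash.
printf("correct password accepted:     %s\n", var_export(check_password($password, $randA), true));
printf("wrong password accepted:       %s\n", var_export(check_password('guess', $randA), true));
```

On current PHP, password_hash() and password_verify() do the salting and comparison themselves; the two-character DES form is used here only because it is the scheme the thread discusses.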
Current thread:
- Neoboard 3.0 insecurely creates passwords Jonathan Leto (Aug 14)
- Re: Neoboard 3.0 insecurely creates passwords Signal 11 (Aug 15)