Neoboard 3.0 insecurely creates passwords

[Jonathan Leto <jonathan () leto net>]

Just browsing the code of neoboard_register.php and line 210 is this:

         if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v');

All passwords are generated with a salt of ".v" . This isn't a huge security hole,
but if someone gets to the hashes in your database, it will be a lot easier to crack
them.


--
jonathan () leto net
"With pain comes clarity."