Bugtraq mailing list archives
Neoboard 3.0 insecurely creates passwords
From: Jonathan Leto <jonathan () leto net>
Date: Fri, 11 Aug 2000 17:57:38 -0500
Just browsing the code of neoboard_register.php and line 210 is this:
if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v');
All passwords are generated with a salt of ".v" . This isn't a huge security hole,
but if someone gets to the hashes in your database, it will be a lot easier to crack
them.
--
jonathan () leto net
"With pain comes clarity."
Current thread:
- Neoboard 3.0 insecurely creates passwords Jonathan Leto (Aug 14)
- Re: Neoboard 3.0 insecurely creates passwords Signal 11 (Aug 15)
