[16229] in bugtraq
Neoboard 3.0 insecurely creates passwords
daemon@ATHENA.MIT.EDU (Jonathan Leto)
Mon Aug 14 15:12:55 2000
Message-Id:  <20000811175738.A24138@leto.net>
Date:         Fri, 11 Aug 2000 17:57:38 -0500
Reply-To: jonathan@leto.net
From: Jonathan Leto <jonathan@LETO.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Just browsing the code of neoboard_register.php and line 210 is this:
	 if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v');
All passwords are generated with a salt of ".v". This isn't a huge security hole,
but if someone gets to the hashes in your database, it will be a lot easier to crack
them.
--
jonathan@leto.net
"With pain comes clarity."
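
The fixed-salt call quoted in the message, set beside a per-user-salt replacement with a login-time upgrade path for hashes already stored. This is an added example, not NeoBoard code and not part of the original post; the function names, the `LEGACY_SALT` constant and the sample password are hypothetical.

```php
<?php
// Added example (not NeoBoard code). All names below are hypothetical.

const LEGACY_SALT = '.v'; // the fixed salt from the quoted crypt() call

// Registration: password_hash() draws a fresh random salt on every call
// and stores it inside the returned string.
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Traditional DES crypt() output is 13 characters and begins with its salt.
function is_legacy_hash(string $storedHash): bool
{
    return strlen($storedHash) === 13
        && strncmp($storedHash, LEGACY_SALT, 2) === 0;
}

// Login: returns [verified, replacementHash]. replacementHash is non-null
// when the caller should overwrite the stored value with a stronger hash.
function verify_and_upgrade(string $password, string $storedHash): array
{
    if (is_legacy_hash($storedHash)) {
        // crypt() reads the salt from the leading characters of the stored hash.
        $ok = hash_equals($storedHash, crypt($password, $storedHash));
        return [$ok, $ok ? hash_new_password($password) : null];
    }
    $ok = password_verify($password, $storedHash);
    $stale = $ok && password_needs_rehash($storedHash, PASSWORD_DEFAULT);
    return [$ok, $stale ? hash_new_password($password) : null];
}

// Constructed demonstration with a sample password.
$userA = crypt('hunter2', LEGACY_SALT);
$userB = crypt('hunter2', LEGACY_SALT);
// Fixed salt: two accounts with the same password share one stored hash,
// so a single precomputed table covers every row in the database.
var_dump($userA === $userB);

// Per-call random salt: the same password yields different stored strings.
var_dump(hash_new_password('hunter2') === hash_new_password('hunter2'));

// A legacy row verifies once, then gets replaced by a password_hash() value.
[$ok, $upgraded] = verify_and_upgrade('hunter2', $userA);
var_dump($ok, $upgraded !== null && password_verify('hunter2', $upgraded));
```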