Hi people, You have a massive security flaw in your implementation of crpyt:
in file inc/lib/PasswordCrypt.php: return crypt($plaintext, substr($plaintext,0,2)); You use the first two characters of the plain password as salt. Not very clever, isn't it? http://www.php.net/manual/en/function.crypt.php - Example 1: $password = crypt('mypassword'); // let the salt be automatically generated Please correct the file immediately, and inform all users to change the passwords at once. Greetings, Lars Duesing LDC Consulting, Munich --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Openmailadmin" group. To post to this group, send email to openmailadmin@googlegroups.com To unsubscribe from this group, send email to openmailadmin+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.de/group/openmailadmin?hl=en -~----------~----~----~----~------~----~------~--~---