Hi people,

You have a massive security flaw in your implementation of crypt:

in file inc/lib/PasswordCrypt.php:

    return crypt($plaintext, substr($plaintext,0,2));


You use the first two characters of the plain password as salt.
Not very clever, is it?

http://www.php.net/manual/en/function.crypt.php - Example 1:
    $password = crypt('mypassword'); // let the salt be automatically generated


Please correct the file immediately, and inform all users to change the
passwords at once.

Greetings,

Lars Duesing
LDC Consulting, Munich
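
An added example, not part of the original message and not Openmailadmin's code: it shows what the reported line stores (a traditional DES crypt hash begins with its salt, so the first two password characters end up in the stored value and equal passwords hash identically) next to a randomly salted replacement with an upgrade-on-login check. The function names are hypothetical, the passwords are constructed, and `password_hash()` is swapped in for the salt-less `crypt()` call cited above because the salt argument is required as of PHP 8.

```php
<?php
// Added example; function names are hypothetical, sample passwords are constructed.

// Behaviour quoted in the report: salt = first two characters of the password.
function legacy_hash(string $plaintext): string
{
    return crypt($plaintext, substr($plaintext, 0, 2));
}

// Replacement: password_hash() draws a fresh random salt on every call.
function new_hash(string $plaintext): string
{
    return password_hash($plaintext, PASSWORD_DEFAULT);
}

// True when a stored value has the shape of a traditional DES crypt hash:
// 13 characters from [./0-9A-Za-z], the first two being the salt.
function is_legacy_hash(string $stored): bool
{
    return preg_match('#^[./0-9A-Za-z]{13}$#', $stored) === 1;
}

// Check a login against the stored hash. On success, return a replacement
// hash if the stored one is legacy or otherwise outdated, so it can be rewritten.
function verify_and_upgrade(string $plaintext, string $stored): array
{
    // password_verify() also accepts hashes produced by crypt().
    $ok = password_verify($plaintext, $stored);
    $outdated = is_legacy_hash($stored)
        || password_needs_rehash($stored, PASSWORD_DEFAULT);
    return ['ok' => $ok, 'rehash' => ($ok && $outdated) ? new_hash($plaintext) : null];
}

$legacyA = legacy_hash('mypassword');
$legacyB = legacy_hash('mypassword');

// Two accounts with the same password get the same stored hash.
var_dump($legacyA === $legacyB);
// The stored hash starts with the first two characters of the password.
var_dump(substr($legacyA, 0, 2) === substr('mypassword', 0, 2));
// With a random salt the same password yields different stored hashes.
var_dump(new_hash('mypassword') === new_hash('mypassword'));

// A successful login against a legacy hash yields a non-legacy replacement.
$result = verify_and_upgrade('mypassword', $legacyA);
var_dump($result['ok'], is_legacy_hash($result['rehash']));
```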