Source: python-bottle-cork Severity: grave Tags: upstream security Justification: user security hole
As reported on https://github.com/FedericoCeratto/bottle-cork/issues/112, the "bottle-cork" module uses a very unsecure hashing algorithm (sha1 with 10 iterations) as default. the defaults should be changed to use a secure hash (or even better: the user should select the hashing algorithm, rather than Cork)