Insecure crypt() function (needs to have salt)

Issue #1049 resolved
Theodis Butler created an issue

piler 1.3.6, build 998, Janos SUTO sj@acts.hu

Build Date: Tue Feb 25 01:42:40 UTC 2020
ldd version: ldd (GNU libc) 2.28
gcc version: gcc version 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)
OS: Linux archive 4.18.0-147.3.1.el8_1.x86_64 #1 SMP Fri Jan 3 23:55:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Configure command: ./configure --localstatedir=/var --with-database=mysql --enable-memcached
MySQL client library version: 8.0.17
Extractors: libzip

When changing / updating password.

Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/piler/www/model/user/user.php on line 425

Perhaps a database function call or bcrypt would be better?
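
Added example, not part of the original issue and not piler's own code: one way to take the bcrypt route suggested above, using PHP's built-in password_hash() (which generates the salt itself) and upgrading older crypt()-format hashes on the next successful login. The helper names, the cost value and the sample row are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names and settings; not taken from piler's user.php.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

// New hashes: password_hash() generates a random salt itself and
// embeds algorithm, cost and salt in the returned string.
function hash_new_password(string $password): string
{
    return password_hash($password, HASH_ALGO, HASH_OPTIONS);
}

// Verify a login against a stored hash. password_verify() also accepts
// older crypt()-format hashes, so existing rows keep working; a successful
// login with an outdated hash is re-hashed and handed to $store.
function verify_and_upgrade(string $password, string $stored, callable $store): bool
{
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $store(hash_new_password($password));
    }
    return true;
}

// Constructed sample data: a legacy MD5-crypt hash standing in for a row
// written by older code. Salt and password are made up for this example.
$row = ['password' => crypt('old-password', '$1$demosalt$')];
$store = function (string $newHash) use (&$row): void {
    $row['password'] = $newHash; // stands in for an UPDATE on the user table
};

// Wrong password against the legacy hash.
var_dump(verify_and_upgrade('wrong-guess', $row['password'], $store));
// Correct password against the legacy hash; triggers the re-hash.
var_dump(verify_and_upgrade('old-password', $row['password'], $store));
// Algorithm of the hash now held in the row.
var_dump(password_get_info($row['password'])['algoName']);
// Correct password against the upgraded hash.
var_dump(verify_and_upgrade('old-password', $row['password'], $store));
```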
