Insecure crypt() function (needs to have salt)
piler 1.3.6, build 998, Janos SUTO sj@acts.hu
Build Date: Tue Feb 25 01:42:40 UTC 2020
ldd version: ldd (GNU libc) 2.28
gcc version: gcc version 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)
OS: Linux archive 4.18.0-147.3.1.el8_1.x86_64 SMP Fri Jan 3 23:55:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux#1
Configure command: ./configure --localstatedir=/var --with-database=mysql --enable-memcached
MySQL client library version: 8.0.17
Extractors: libzip
When changing / updating password.
Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/piler/www/model/user/user.php on line 425
Perhaps a database function call or bcrypt would be better?
Comments (2)
repo owner - changed status to resolved
Thank you for noticing. This commit fixes the issue: https://bitbucket.org/jsuto/piler/commits/e169c09c4c84be33f1f478b220bcc611754931b0
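
What the bcrypt suggestion in the report could look like in PHP, as an added example: this is not piler's code and not the content of the linked commit, and the function names and the `$store` callback are hypothetical. It also shows how existing crypt()-format hashes can be upgraded at the next successful login.

```php
<?php
// Added example; hash_password(), verify_password() and $store are
// hypothetical names, not taken from piler's user.php.

// Weak form behind the notice: crypt($password) with no salt argument.
// PHP then leaves the algorithm and salt to the platform default, and
// from PHP 8.0 on the salt argument is mandatory.

// Hash a new or changed password. password_hash() generates a random
// salt itself and embeds algorithm, cost and salt in the returned string.
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Verify a login attempt. password_verify() also accepts older
// crypt()-format hashes, so existing rows keep working. After a
// successful check, a hash that is not bcrypt at the wanted cost is
// replaced through the $store callback.
function verify_password(string $password, string $stored, callable $store): bool
{
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])) {
        $store(hash_password($password));
    }
    return true;
}

// Constructed demonstration: a legacy MD5-crypt hash stands in for a
// row written by the old code and is upgraded on the first good login.
$row  = crypt('s3cret-constructed', '$1$abcdefgh$');
$save = function (string $hash) use (&$row) { $row = $hash; };

var_dump(verify_password('wrong-guess', $row, $save));        // rejected, row unchanged
var_dump(verify_password('s3cret-constructed', $row, $save)); // accepted, row rehashed
var_dump(strpos($row, '$2y$') === 0);                         // row is now bcrypt
```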