-
Hi,
piWallet uses an insecure hashing algorithm to store user passwords, plain MD5. It's weakened by the fact `strip_tags()` is being run on the plaintext password (why?).
```
$password = md5(…
```
-
First, thank you very much for developing mailu and making it available to the general public.
On both IMAP via evolution as well as on roundcube, I noted long delays before successful login.
Fo…
-
Is:
If you create a file with "use server" and use it in a component/route file, the file code will be duplicated to two chunks. It will be in `server/chunks/build/someRoute.mjs` and also `server/chu…
-
Hi,
I have an Nginx container. Do I need to install Fail2Ban on the container to protect it?
Thank you.
-
I would like to propose there being a standardized format for password-only (that is, effectively single-factor authentication) keys using WebAuthn.
I understand there may be some reluctance among …
-
Would be nice to update the rules as they haven't been updated for a very long time.
https://docs.google.com/spreadsheets/d/1qQNwggWIWtL-m0EYrRg_vdwHOrZCY-SnWcYTwQN0fMk/edit#gid=1952927995
Is goo…
-
The goal of this meta issue is to build a go-to place for links, information, and opportunities for building trustless zk-SNARKs as a potential future protocol building-block for Monero.
Disclaimer…
-
### What happened?
Hello, I updated CrowdSec to version 1.6.2, and upon restarting the CrowdSec service, an error was flagged as the connection to the API on port 8080 was being refused. Upon reviewi…
-
Hi, I have installed Zeek (6.2.0-dev.481) on Ubuntu 22 for a personal little project to test SQLi and SSH Bruteforce/Dictionary attacks in my own network. For some reason doesn't generate notices …
-
As an interested security enthusiast analyzing SSH3, I wanted to raise some questions about certain security assertions made in the documentation, as well as use of the SSH3 name/branding before forma…