-
Need proper password hashing.
-
Keypoints:
- wpscan didn't give useful info
- FFUF finds /filemanager path, access with admin:admin, upload a reverse shell php file and find dora credentials info
- [PE] disk group
-
Hi @kobero98,
Thanks for sharing the repository and it's a nice one.
I noticed one issue - the following program hashes then stores passwords without a salt:
- Travelbook/src/main/java/travelb…
-
The hashing function is broken in PHP 7.1.0.
Instead of returning a password hash, it returns `*0`, which gets stored in the database. The `crypt` function in PHP 7.1.0 may have something to do with it.
Sorry …
-
I've tried integrating this with Fortify / Jetstream on my login page.
Below is in my FortifyServiceProvider
`
Fortify::authenticateUsing(function (Request $request) {
$user = User…
-
I've been a user of Password Hasher Plus for many years, but I'm looking into a different solution, mostly to have a synced version of the password settings. However, Password Hasher Plus has the extra…
-
GS should use individual salt for each password and not a common one for all passwords.
The best way to do it is to simply replace sha1() by crypt() and leave the salt empty.
http://php.net/manual/…
aoloe updated
11 years ago
-
http://www.openwall.com/lists/john-users/2015/10/18/3
-
Title says it all.
This is a major security vulnerability.
It seems the author isn't aware of current security standards (i.e. `rand()` is also used to generate passwords).
Something as impo…
-
## Description
Develop an endpoint to handle requests to reset password for registered users. If the password reset is successful, it will be returned to the client with a '200' status. If an …