philippK-de / Collabtive

Collabtive is web based project management software
https://collabtive.o-dyn.de
GNU General Public License v3.0

Insecure installation password #122

Closed kelunik closed 7 years ago

kelunik commented 8 years ago

Generated passwords aren't secure. rand is predictable, but you need a cryptographically secure pseudo random number generator (CSPRNG). As your project supports PHP 5.5, you will want to have a look at random_compat, that backports PHP 7's random_int and random_bytes to PHP 5.5+.
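An added example, not part of the original comment and not Collabtive's code: a `rand()`-based generator next to one that draws every character from `random_int()`, as the comment recommends. The function names, alphabet and minimum length are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not Collabtive's code.
// On PHP 5.5/5.6, load paragonie/random_compat first (for instance through
// Composer's autoloader) so random_int() exists; PHP 7+ ships it natively.

// 57 symbols with look-alikes (l, I, O, 0, 1) removed: about 5.8 bits each.
const INSTALL_PW_ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Weak form: rand() is not a CSPRNG, so its output is predictable.
function weak_install_password($length = 16)
{
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= INSTALL_PW_ALPHABET[rand(0, strlen(INSTALL_PW_ALPHABET) - 1)];
    }
    return $out;
}

// Hardened form: random_int() is backed by the OS CSPRNG and is uniform
// over the requested range, so there is no modulo bias to correct.
function secure_install_password($length = 20)
{
    if (!is_int($length) || $length < 12) {
        throw new InvalidArgumentException('length must be an integer >= 12');
    }
    if (!function_exists('random_int')) {
        // Fail closed; never fall back silently to rand() or mt_rand().
        throw new RuntimeException('random_int() unavailable; install random_compat');
    }
    $max = strlen(INSTALL_PW_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() throws when no secure entropy source is available;
        // let that propagate so the installer aborts instead of weakening.
        $out .= INSTALL_PW_ALPHABET[random_int(0, $max)];
    }
    return $out;
}

echo secure_install_password(20), PHP_EOL;
```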

kelunik commented 7 years ago

Why has this been closed as wontfix?