The passwords are currently only hashed. They should be salted before hashing. Small hashes are very easy to reverse. For example, in the latest commit, the hash for the superuser was: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 which is just sha256 for test. If the hash was salted, I wouldn't have been able to find it.
The passwords are currently only hashed. They should be salted before hashing. Small hashes are very easy to reverse. For example, in the latest commit, the hash for the superuser was:
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
which is just sha256 fortest
. If the hash was salted, I wouldn't have been able to find it.