Issue #604 has been updated by Clément OUDOT.
It can be an idea, but when you use password policy on server side, you need to have password sent in clear text to check it. ---------------------------------------- Bug #604: Weak cryptography hash usage http://tools.lsc-project.org/issues/604 Author: John Menerick Status: Assigned Priority: Urgent Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-? While reviewing the code in file functions.inc.php, I observed a large number of weak cryptographic hashes. They are not strong enough to be used for hashing credentials. Line 26, Line 32, Line 40, and Line 46 come to mind. Additional information can be found @ http://www.hpenterprisesecurity.com/vulncat/en/vulncat/dotnet/weak_cryptographic_hash.html -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
