View Full Version : Coppermine is bad software: here is the reason.
robert allen
August 5th, 2005, 08:00
Until now, i thought everything with coppermine was safe. But i guess not. It does not hash passwords in the database likephpBB2 or IPB 2.0.0.
What do you think about this?
tm899
August 5th, 2005, 10:13
That's why you should use a different password for everything you use ;)
robert allen
August 5th, 2005, 10:16
That's why you should use a different password for everything you use ;)
I do, but it came to a shock to me, i posted on the coppermine forums, and it was because i was using 1.3, 1.4 has already been released.
wunescapian
August 6th, 2005, 23:44
<input type="password" name="var name" value="default value">
Corazu
August 7th, 2005, 01:08
Wune, he means it's going in as password.
If ABC123 is your password, then it should go into your DB hashed with MD5 encoding, in which it is a string of (32?) characters from A-F and 1-6 (I think).
But since it isn't this way with coppermine, it's going into the DB as ABC123 making it very easy to get the password if someone knows what to do.
Regards,
Powered by vBulletin® Version 4.1.7 Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.