Hi there,
While playing around a little with bitweaver, I've seen that the MD5 hash which is stored in the database is not salted[1].
To show how dangerous this can be, the following page is pretty interesting: http://md5.rednoize.com/
Affected files are, afaik (most probably there are some more):
users/auth/bit/auth.php
users/auth/locate/auth.php
users/auth/multisites/auth.php
users/BitUser.php
It should be a must that a generated salt is stored in some config file.
greetings, kajk
[1] http://en.wikipedia.org/wiki/Salt_(cryptography)
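
An added example, not part of the original report and not bitweaver code: it shows the unsalted MD5 scheme described above beside a hardened form, with legacy hashes upgraded at the next successful login. It uses PHP's password_hash(), which generates a random salt per password, instead of a single salt kept in a config file. The function names and the $record layout are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example; function names and the record layout are hypothetical.

// Legacy scheme from the report: bare MD5, no salt.
function legacy_hash(string $password): string {
    return md5($password);
}

// Hardened scheme: password_hash() picks a random salt for every call and
// embeds it, with the algorithm and cost, in the returned string.
function strong_hash(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against a stored record and upgrade a legacy hash in place.
// $record stands in for a user row: ['hash' => string].
// Returns true when the password is correct; $record['hash'] may be replaced.
function verify_and_upgrade(string $password, array &$record): bool {
    $stored = $record['hash'];
    // A legacy value is exactly 32 lowercase hex characters (raw md5 output).
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($isLegacy) {
        $ok = hash_equals($stored, legacy_hash($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    // The plaintext is only available at login, so re-hash here.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $record['hash'] = strong_hash($password);
    }
    return $ok;
}

// Constructed sample data: two accounts that share one password.
$alice = ['hash' => legacy_hash('letmein')];
$bob   = ['hash' => legacy_hash('letmein')];

// Unsalted: equal passwords give equal hashes, so a single precomputed
// table entry matches every account using that password.
var_dump($alice['hash'] === $bob['hash']);

// After one successful login each record carries its own salt, so the
// stored values differ although the password is the same.
var_dump(verify_and_upgrade('letmein', $alice));
var_dump(verify_and_upgrade('letmein', $bob));
var_dump($alice['hash'] === $bob['hash']);

// Upgraded records verify through password_verify(); wrong passwords fail.
var_dump(verify_and_upgrade('letmein', $alice));
var_dump(verify_and_upgrade('wrong', $bob));
```

Accounts that never log in again keep their legacy MD5 value, so a deployment would also need a policy for those rows, such as forcing a password reset.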