The "encrypt" function in Crypt.php does not use the $key parameter as the encryption key but an MD5 hash of it. At the same time, the user passwords (and the admin password) are stored as MD5 hashes in the database as well. As a consequence, knowledge of the password MD5 hash from the database (and not the password itself) is sufficient to decrypt the keys for groups and password groups and passwords. So whoever has access to the database (or an export, e.g. for backup reasons) can easily decrypt all contained passwords.
Proposed solution: Modify the "encrypt" and "decrypt" functions so that the MD5 hash of the passed $key is not used as the encryption/decryption key. Unfortunately, in order not to break backward compatibility with existing database contents of existing deployments, complex migration logic might be necessary.
Alternative solution: Modify the storage of the passwords in the database. (Unsalted MD5 is easily breakable anyway, e.g. https://crackstation.net/.) With this solution, the migration logic will also be simpler.
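The key reuse described in this report, next to one way to store passwords so that the database value no longer doubles as the encryption key. This is an added example, not code from Crypt.php or the project. The function names, the PBKDF2/HMAC construction, the iteration count and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; all function names are hypothetical, not from Crypt.php.

// Model of the scheme as the report describes it: the value stored in the
// database and the effective encryption key are both MD5 of the password.
function weak_stored_hash(string $password): string {
    return md5($password);            // what the users table holds
}
function weak_encryption_key(string $key): string {
    return md5($key);                 // what encrypt() effectively keys with
}

// Alternative storage (assumed construction): one slow, salted derivation,
// then two domain-separated outputs. Only the verifier is written to the
// database; the encryption key is recomputed at login and never stored.
function derive_secrets(string $password, string $salt, int $iterations = 600000): array {
    $master = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return [
        'verifier' => hash_hmac('sha256', 'login-verifier', $master, true),
        'enc_key'  => hash_hmac('sha256', 'encryption-key', $master, true),
    ];
}

$password = 'constructed-sample-password';   // constructed sample input
$salt     = random_bytes(16);                // per user, stored beside the verifier

// Weak scheme: is the stored hash identical to the encryption key?
var_dump(hash_equals(weak_stored_hash($password), weak_encryption_key($password)));

// Alternative: is the stored verifier identical to the encryption key?
$s = derive_secrets($password, $salt);
var_dump(hash_equals($s['verifier'], $s['enc_key']));

// Login check still works from the stored verifier and salt alone.
var_dump(hash_equals($s['verifier'], derive_secrets($password, $salt)['verifier']));
var_dump(hash_equals($s['verifier'], derive_secrets('wrong-guess', $salt)['verifier']));
```

Existing rows would still need the migration the report mentions, since group keys encrypted under the old MD5-derived key have to be re-encrypted under the new one at a user's next login.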
This issue is addressed in later versions, e.g. in the latest revision in the SVN repository. I will bundle a new release package ASAP.