Passwords are stored in database using insecure methods
Brought to you by:
tim4dev
User account passwords are stored in the database using simple MD5 hashing with no salt. This makes it trivial to crack passwords once retrieved from the database table.
Solution:
All passwords should be stored using a random and unique salt per account, and should use tested methods to perform the encryption specifically designed for password storage. They should not use simple MD5 hashing, even with the salt included.
Fixed in Webacula 7.0