This is information about a single report in the Awooga system.

If you are the author of the referenced work, please note that it appears here because it has been judged to contain serious errors, usually of a security nature. Please read the introductory notes on the home page.

Develop a Complete Android Login Registration System with PHP, MySQL

Issues sql-injection Unresolved (No comments added)
password-inadequate-hashing Unresolved

SHA1/base64/salt home-made algorithm not a substitute for password_hash().

deprecated-library Unresolved (No comments added)

The usual SQL injection flaws in this one, the author has been notified. Also, the password hashing isn't strong enough. Looks like the login can be bypassed by changing the target user's password

Source Repo: 1
Author notified? Yes, on 2014-10-21
Created at: 2018-09-21 18:55:13 • Last updated at: 2024-04-23 13:24:49