This is information about a single report in the Awooga system.
|Issues||sql-injection||Unresolved||(No comments added)|
SHA1/base64/salt home-made algorithm not a substitute for password_hash().
|deprecated-library||Unresolved||(No comments added)|
The usual SQL injection flaws in this one, the author has been notified. Also, the password hashing isn't strong enough. Looks like the login can be bypassed by changing the target user's password
|Author notified?||Yes, on 2014-10-21|