2 matches found
GHSA-H362-M8F2-5X7C Password Hashing: Do not use MD5
Impact User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...
CVE-2002-1657
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack...