silverstripe/framework is vulnerable to Lack of Salt Update On Password Change. The vulnerability is due to the internal salt not being reset when a password is changed. An attacker can potentially exploit this to reduce the effectiveness of password hashing.