silversurfer

Level 52
Verified
Trusted
Content Creator
Malware Hunter
Over a quarter of all the major content management systems (CMSs) use the old and outdated MD5 hashing scheme as the default for securing and storing user passwords.

Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, X3cms, and Composr.

This means that unless website owners changed these default settings by modifying the CMS source code, most websites built on top of these CMSs puts user passwords at risk in the case a hacker steals the site's database.

This revelation is just one of the many observations that came out of an extensive academic research project at the University of Piraeus, in Greece.