silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Over a quarter of all the major content management systems (CMSs) use the old and outdated MD5 hashing scheme as the default for securing and storing user passwords.
Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, X3cms, and Composr.
This means that unless website owners changed these default settings by modifying the CMS source code, most websites built on top of these CMSs puts user passwords at risk in the case a hacker steals the site's database.
This revelation is just one of the many observations that came out of an extensive academic research project at the University of Piraeus, in Greece.