php · thorsten/phpmyfaqHeads-up
thorsten/phpmyfaq: Attachment passwords use broken SHA-1 hashing
Attachment passwords are hashed using SHA-1, a cryptographically broken algorithm vulnerable to collision attacks since 2017.
What changed
Attachment passwords are hashed using SHA-1, a cryptographically broken algorithm vulnerable to collision attacks since 2017.
Who it affects
Users of phpMyFAQ who use attachment password protection.
What to do today
Replace SHA-1 hashing with bcrypt as shown in the solution.
The trail
Collected→
Audited→
Written→
Published