Description

Salt is generated in an insecure way, which makes the password easier to guess.

Impact

Obtain valid credentials through dictionary attacks.

Recommendation

Generate the Salt with a secure hashing function.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes