Vulnerability

    Neoboard

Affected

    Neoboard 3.0

Description

    Jonathan  Leto  found  following.   He  was  browsing  the code of
    neoboard_register.php and found at line 210 this:

        if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v');

    All passwords are  generated with a  salt of ".v".   This isn't  a
    huge security  hole, but  if someone  gets to  the hashes  in your
    database, it will be a lot easier to crack them.

Solution

    Nothing yet.