To whom it may concern.
Our security team is working on the automated detection of session vulnerabilities in opensource web applications, including insecure hashing of authentication credentials. Our analyzer identified that the signup function of UI/views/generalView.py is using an unsafe hashing function (SHA-256) to store users' passwords. This practice might leave your application vulnerable to offline bruteforcing attacks. Please see the OWASP recommendations for secure password hashing: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Can you take a look into the relevant code parts and comment on the issue?
To whom it may concern.
Our security team is working on the automated detection of session vulnerabilities in opensource web applications, including insecure hashing of authentication credentials. Our analyzer identified that the signup function of UI/views/generalView.py is using an unsafe hashing function (SHA-256) to store users' passwords. This practice might leave your application vulnerable to offline bruteforcing attacks. Please see the OWASP recommendations for secure password hashing: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Can you take a look into the relevant code parts and comment on the issue?