Fix for PHPizabi critical security flaw which could allow a user to obtain MD5 password via user comments feature

Thursday, May 1st, 2008

PHPizabi, makers of one of the more feature-packed and popular social networking systems, announced earlier this afternoon a fix for a critical security flaw which could allow a malicious user to intercept the site owner's MD5 password by exploiting a weakness in the usercomments.php script.

Although MD5 passwords are stored as hashes rather than in plain text, a committed cracker could recover the password from the hash using a powerful enough compute cluster and appropriate software.


(c) 2003-2008 Robin Majumdar - opinions expressed are not those of anyone else. (duh!)