|
|
|
|
|
|
by amalcon
1214 days ago
|
|
|
> That requires the attacker top also have access to the salt Which you must presume they do. If any part of your security relies on the salt being secret, that's a much bigger vulnerability than this. That said, I do think there's a potential vulnerability here, because it allows you to break in if you can only corrupt another user's password hash (rather than controlling it entirely). Think a rowhammer attack or something. |
|
|