Potential password disclosure via MySQL query

Currently, sec_check.php passes the password, in the clear, to the MySQL database for verification. While the password in the DB is hashed, it is possible for the clear password to be captured in a log. Passwords should be encrypted prior to sending them to the database for verification.
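One way to keep the clear-text password out of every SQL statement, shown as an added example that is not the project's own code and is not taken from sec_check.php: fetch the stored hash by username and compare it in PHP. The table and column names (`users`, `username`, `pw_hash`), the `check_login` function, the `password_hash()` storage format and the in-memory SQLite stand-in for MySQL are all assumptions made for illustration.

```php
<?php
// Added example. Names (users, username, pw_hash, check_login) are hypothetical.

// Assumed shape of the pattern the issue describes: the clear-text password is
// a parameter of the statement sent to the server, where a query log can record it.
//   SELECT username FROM users WHERE username = ? AND pw_hash = SHA2(?, 256)

// Alternative: only the username reaches the database; the comparison runs in PHP.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when no such user exists

    // Verify against a dummy hash for unknown users so both paths do hash work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $ok = password_verify($password, $stored === false ? $dummy : $stored);
    return $ok && $stored !== false;
}

// Constructed demo data. In-memory SQLite stands in for MySQL so this runs
// offline; the PDO calls in check_login() are the same with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// The hash is computed in PHP, so account creation also sends no clear password.
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'mallory', 'placeholder'));
```

Existing rows hashed with a different scheme would need to be re-hashed, for example on each user's next successful login, before `password_verify()` can check them.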