Many CMSs store passwords insecurely by default

WordPress, osCommerce, miniBB, MyBB, and many more CMSs use MD5/SHA-1 to “securely” store passwords by default:

– 60% of the CMSs use outdated or inefficient hashing schemes
– no CMS used scrypt or Argon2
– 14% of the CMSs didn’t use salt, and 37% didn’t employ iterations for their hashing function