+ \begin{itemize}[leftmargin=*]
+ \item
+ The application uses MD5 for password hashing, which is insecure by current
+ standards of FIPS 140{-}2.
+ \item
+ The application uses \code{crypt()} for passwords, and does not supply a
+ salt in these cases. This means \PHP{} will use DES{-}based algorithm,
+ which is insecure by the current standard of FIPS 140{-}2.
+ \end{itemize}