Posted by Scott Arciszewski on Nov 10

Hi OSS-Sec, Full Disclosure, MITRE, and friends,

I spent roughly half an hour looking at Joomla (and picking up my jaw
from the floor at how bad their crypto is), and this is what I found:
https://github.com/joomla/joomla-cms/issues/created_by/paragonie-scott

It seems to hit the jackpot at “bad crypto bingo”, even going so far
as to deploy a home-grown cipher that is basically XOR-ECB:
https://github.com/joomla/joomla-cms/issues/8327…