OpenID account is leaked because salt is 0 #12
Description
account_id = hash(sub, aud, salt). aud is public and salt is hardcoded to 0. So sub can be bruteforced. Fix it!!
{{ message }}
account_id = hash(sub, aud, salt). aud is public and salt is hardcoded to 0. So sub can be bruteforced. Fix it!!