Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Change the current structure of encryption from mcrypt

Raymond Belden shared this idea 2 years ago
Completed

I'm wondering why at this point WHMCS is still using mcrypt and not something like Libsodium. Currently there are multiple security flaws with mcrypt. Not to mention the php-dev team are setting it up for it's "viking funeral" :P

Comments (2)

photo
1

This should really be implemmented as new php releases NO longer include mcrypt,

photo
1

Hi there,

Thanks for your suggestion. Mcrypt was used by parts of Google recaptcha v1. Since that's discontinued we removed that dependency from the core software in 7.1.

It remained a requirement for the OpenSRS module until 7.6, at which point it was also replaced.