The "encryption" algorithm used is really weak.
The security of the encrypted data relies on the password used; if a user sets a weak or predictable password, an attacker could decrypt the data.
The solution is to rely on a stronger encryption algorithm. We've chosen sodium since it is available as a native PHP extension, and also as a PHP polyfill library (so the native extension is not mandatory).
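A sketch of what sodium-based storage encryption can look like, as an added example that is not the project's own code. It assumes the `sodium_crypto_secretbox` API with a randomly generated key instead of a user-chosen password; the helper names `encryptValue` and `decryptValue` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; the names are not from the project.
function encryptValue(string $plaintext, string $key): string
{
    // Fresh random nonce per message; it is not secret and travels with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

function decryptValue(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox is authenticated: a wrong key or modified data returns false.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $plain;
}

// Assumption: the key is 32 random bytes kept outside the database,
// so its strength does not depend on any user-chosen password.
$key = sodium_crypto_secretbox_keygen();

// Constructed sample value, round-tripped through both helpers.
$stored = encryptValue('constructed-sample-secret', $key);
var_dump(decryptValue($stored, $key) === 'constructed-sample-secret');

// Flip one bit of the stored value: decryption must refuse it.
$raw = base64_decode($stored, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
try {
    decryptValue(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The same function names are provided by the polyfill library, so the code does not change when the native extension is absent.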