CodeIgniter weak encryption key

Description
  • CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. <br/><br/> If you use the Encryption class or the Session class you must set an encryption key. It's very important that an attacker doesn't know the value of this encryption key. Your application is using a weak/known encryption key and Acunetix managed to guess this key. Knowing the encryption key allows an attacker to impersonate any user in the application and even achive remote code execution.
Remediation
  • Change the value of the <strong>$config['encryption_key']</strong> (application/config/config.php) to a random string.
References