The host is installed with PHP before 5.3.7 and is prone to information disclosure vulnerability. A flaw is present crypt_blowfish function in the application, which fails in proper handling of passwords with 8-bit characters. Successful exploitation allows attackers to obtain the MD5 password hash and other sensitive information.