php-censor v2.1.4 and fixed in v.2.1.5 exists to utilize a weak hashing algorithm for its remember_key value. This allows malicious users to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.