To make it instructional, it's important to note the following main vulnerabilities in the server:
1. Hashes revealed in source code
2. Easy hashes to guess (already in online database)
3. Webshell prone to OS command execution, allowing reverse shell
4. Master password burried in Binary
5. Allowing sign ins from any location
Never, never, NEVER assume that other people won't find the trails you leave for other developers to find (due to your laziness and malpractices).
Have fun and happy hacking!