Project

General

Profile

Bug #13643

In Rudder 5.0, user password encoding is broken for some passwords.

Added by François ARMAND 2 months ago. Updated about 2 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
79

Description

The algorithm used for user password encoding that compare them to the one stored in file may lead to a surnumerary leading '0'.

It's only on some passwords, so using an other password is sufficient to workaround the problem.

Associated revisions

Revision aaaa33a2 (diff)
Added by François ARMAND 2 months ago

Fixes #13643: In Rudder 5.0, user password encoding is broken for some passwords.

History

#1 Updated by François ARMAND 2 months ago

The problem is in the hexa string encoding. Using bouncy castle encoder resolve the problem.

#2 Updated by François ARMAND 2 months ago

  • Status changed from New to In progress

#3 Updated by François ARMAND 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2045

#4 Updated by François ARMAND 2 months ago

  • Status changed from Pending technical review to Pending release

#5 Updated by Vincent MEMBRÉ about 2 months ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 5.0.1 which was released today.
Changelog

Also available in: Atom PDF