Project

General

Profile

Actions

Bug #13643

closed

In Rudder 5.0, user password encoding is broken for some passwords.

Added by François ARMAND over 4 years ago. Updated over 4 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
79
Regression:

Description

The algorithm used for user password encoding that compare them to the one stored in file may lead to a surnumerary leading '0'.

It's only on some passwords, so using an other password is sufficient to workaround the problem.

Actions #1

Updated by François ARMAND over 4 years ago

The problem is in the hexa string encoding. Using bouncy castle encoder resolve the problem.

Actions #2

Updated by François ARMAND over 4 years ago

  • Status changed from New to In progress
Actions #3

Updated by François ARMAND over 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2045
Actions #4

Updated by François ARMAND over 4 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Vincent MEMBRÉ over 4 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 5.0.1 which was released today.
Changelog
Actions

Also available in: Atom PDF