Project

General

Profile

Actions
Copy link

Bug #13643

closed

In Rudder 5.0, user password encoding is broken for some passwords.

Added by François ARMAND about 6 years ago. Updated about 6 years ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Security
Target version:
5.0.1
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
79
Name check:
Fix check:
Regression:

Description

The algorithm used for user password encoding that compare them to the one stored in file may lead to a surnumerary leading '0'.

It's only on some passwords, so using an other password is sufficient to workaround the problem.

Actions
Copy link
 #1

Updated by François ARMAND about 6 years ago

The problem is in the hexa string encoding. Using bouncy castle encoder resolve the problem.

Actions
Copy link
 #2

Updated by François ARMAND about 6 years ago

  • Status changed from New to In progress
Actions
Copy link
 #3

Updated by François ARMAND about 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2045
Actions
Copy link
 #4

Updated by François ARMAND about 6 years ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #5

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 5.0.1 which was released today. 
Changelog
Actions
Copy link

Also available in: Atom PDF