Project

General

Profile

Actions

Bug #23208

open

Add a warning in the logs when using local auth with non-bcrypt passwords

Added by Alexis Mousset 9 months ago. Updated 11 days ago.

Status:
Pending technical review
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

The old hashes should be replaced fro security. A rudder-users.xml access without it would very likely lead to password recovery using rainbow tables.

Actions #1

Updated by Alexis Mousset 9 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #2

Updated by Alexis Mousset 9 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/4944
Actions #3

Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 8.0.0~beta1 to 8.0.0~beta2
Actions #4

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 8.0.0~beta2 to 8.0.0~beta3
Actions #5

Updated by Alexis Mousset 7 months ago

  • Target version changed from 8.0.0~beta3 to 8.1.0~alpha1
Actions #6

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 8.1.0~alpha1 to 8.1.0~beta1
Actions #7

Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 8.1.0~beta1 to 8.1.0~beta2
Actions #8

Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 8.1.0~beta2 to 8.1.0~rc1
Actions #9

Updated by Vincent MEMBRÉ 17 days ago

  • Target version changed from 8.1.0~rc1 to 8.1.0
Actions #10

Updated by Vincent MEMBRÉ 11 days ago

  • Target version changed from 8.1.0 to 8.1.1
Actions

Also available in: Atom PDF