Project

General

Profile

Actions

Bug #23208

open

Add a warning in the logs when using local auth with non-bcrypt passwords

Added by Alexis Mousset over 1 year ago. Updated 15 days ago.

Status:
Pending technical review
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

The old hashes should be replaced fro security. A rudder-users.xml access without it would very likely lead to password recovery using rainbow tables.

Actions

Also available in: Atom PDF