Architecture #25012: Migrating to bcrypt with unsafe hashes still match bcrypt hash only - Rudder - Issue Tracker

Actions

Copy link

Architecture #25012

closed

Architecture #24729: Allow using a different password hash algorithm for each local user

Migrating to bcrypt with unsafe hashes still match bcrypt hash only

Added by Clark ANDRIANASOLO 5 months ago. Updated 4 months ago.

Status:

Released

Priority:

N/A

Assignee:

François ARMAND

Category:

Security

Target version:

8.2.0~alpha1

Pull Request:

https://github.com/Normation/rudder/p...

Effort required:

Small

Name check:

To do

Fix check:

To do

Regression:

Description

Even with unsafe-hashes="true" in the rudder users XML file, after upgrading to 8.2, it seems that the previous unsalted hashes are not tested against the login password : users could no longer log in unless their hash is actually a bcrypt one

Actions

Copy link

Updated by Clark ANDRIANASOLO 5 months ago

Status changed from New to In progress

Actions

Copy link

Updated by Clark ANDRIANASOLO 5 months ago

Status changed from In progress to Pending technical review
Assignee changed from Clark ANDRIANASOLO to François ARMAND
Pull Request set to https://github.com/Normation/rudder/pull/5726

PR https://github.com/Normation/rudder/pull/5726

Actions

Copy link

Updated by Clark ANDRIANASOLO 5 months ago

Status changed from Pending technical review to Pending release

Applied in changeset rudder|e30298aa831dedc147a3dd249c231a7f8fd40e46.

Actions

Copy link

Updated by Alexis Mousset 4 months ago

Status changed from Pending release to Released

This bug has been fixed in Rudder 8.2.0~alpha1 which was released today.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries