Architecture #25012: Migrating to bcrypt with unsafe hashes still match bcrypt hash only - Rudder - Issue Tracker

Actions

Copy link

Architecture #25012

closed

Architecture #24729: Allow using a different password hash algorithm for each local user

Migrating to bcrypt with unsafe hashes still match bcrypt hash only

Added by Clark ANDRIANASOLO 11 months ago. Updated 9 months ago.

Status:

Released

Priority:

N/A

Assignee:

François ARMAND

Category:

Security

Target version:

8.2.0~alpha1

Pull Request:

https://github.com/Normation/rudder/p...

Effort required:

Small

Name check:

To do

Fix check:

To do

Regression:

Description

Even with unsafe-hashes="true" in the rudder users XML file, after upgrading to 8.2, it seems that the previous unsalted hashes are not tested against the login password : users could no longer log in unless their hash is actually a bcrypt one

Actions

Copy link

Updated by Clark ANDRIANASOLO 11 months ago

Status changed from New to In progress

Actions

Copy link

Updated by Clark ANDRIANASOLO 11 months ago

Status changed from In progress to Pending technical review
Assignee changed from Clark ANDRIANASOLO to François ARMAND
Pull Request set to https://github.com/Normation/rudder/pull/5726

PR https://github.com/Normation/rudder/pull/5726

Actions

Copy link

Updated by Clark ANDRIANASOLO 11 months ago

Status changed from Pending technical review to Pending release

Applied in changeset rudder|e30298aa831dedc147a3dd249c231a7f8fd40e46.

Actions

Copy link

Updated by Alexis Mousset 9 months ago

Status changed from Pending release to Released

This bug has been fixed in Rudder 8.2.0~alpha1 which was released today.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries