Project

General

Profile

Actions

Architecture #25012

closed

Architecture #24729: Allow using a different password hash algorithm for each local user

Migrating to bcrypt with unsafe hashes still match bcrypt hash only

Added by Clark ANDRIANASOLO 11 months ago. Updated 10 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Effort required:
Small
Name check:
To do
Fix check:
To do
Regression:
No

Description

Even with unsafe-hashes="true" in the rudder users XML file, after upgrading to 8.2, it seems that the previous unsalted hashes are not tested against the login password : users could no longer log in unless their hash is actually a bcrypt one

Actions

Also available in: Atom PDF