Webacula / Bugs / #123 Passwords are stored in database using insecure methods

#123 Passwords are stored in database using insecure methods

Milestone: database

Status: closed-fixed

Owner: Yuriy Timofeev

Labels: None

Priority: 5

Updated: 2014-10-02

Created: 2014-04-07

Creator: Brian

Private: No

User account passwords are stored in the database using simple MD5 hashing with no salt. This makes it trivial to crack passwords once retrieved from the database table.

Solution:
All passwords should be stored using a random and unique salt per account, and should use tested methods to perform the encryption specifically designed for password storage. They should not use simple MD5 hashing, even with the salt included.

Discussion

Yuriy Timofeev - 2014-10-02

Fixed in Webacula 7.0

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Yuriy Timofeev - 2014-10-02

status: open --> closed-fixed

assigned_to: Yuriy Timofeev
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Passwords are stored in database using insecure methods

Group

Searches

Help

#123 Passwords are stored in database using insecure methods

Discussion