Details
-
Type:
Incident report
-
Status: Closed
-
Priority:
Minor
-
Resolution: Duplicate
-
Affects Version/s: 4.4.0alpha2
-
Fix Version/s: None
-
Component/s: API (A)
-
Labels:None
Description
Zabbix before version 4.4.0alpha2 stores credentials in the "users" table with the password hash stored as a MD5 hash, which is a known insecure hashing method. Furthermore, no salt is used with the hash.
Attachments
Issue Links
- duplicates
-
ZBXNEXT-1898 Strong cryptography for encoding frontend passwords
-
- Closed
-