  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9871

Migrate DB Password hashing to SHA256


    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Trivial
    • Resolution: Duplicate
    • Affects Version/s: 2.2.10
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:
      None

      Description

      I noticed that user passwords are stored in the database using an unsalted md5 hash for the internal authentication.

      This is generally accepted as bad practice and broken, as md5 hashes can be cracked in a trivial amount of time.

      I propose that Zabbix migrate to a salted sha256 hashing scheme to improve user password security.

      It would be trivial to do by simply adding another column that marks what scheme the password is hashed with (defaulting to md5 for existing users), and on login / change of password, switch to a sha256 hash and update the hash column accordingly when md5 is used.

      Since 2.2 is LTS, I would really like for it to happen in 2.2.


              People

              Assignee:
              Unassigned
              Reporter:
              aikar Daniel Ennis
              Votes:
              0
              Watchers:
              2
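
The migration described in the report (a column recording the hash scheme, upgraded at the next successful login), as an added example that is not part of the issue or of Zabbix's code. It uses a constructed SQLite `users` table with hypothetical column names, and substitutes PBKDF2-HMAC-SHA256 for a single salted SHA-256 round, since a deliberately slow key-derivation function is the usual choice for password storage; the iteration count is an assumed value.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def pbkdf2_hash(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS).hex()


def open_demo_db() -> sqlite3.Connection:
    """Constructed schema: the users table after the migration has added the
    salt and scheme columns (scheme defaults to 'md5' for existing rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (alias TEXT PRIMARY KEY, passwd TEXT NOT NULL,"
               " salt BLOB, scheme TEXT NOT NULL DEFAULT 'md5')")
    # Constructed legacy account holding an unsalted MD5 hash.
    db.execute("INSERT INTO users (alias, passwd) VALUES (?, ?)",
               ("alice", hashlib.md5(b"correct horse").hexdigest()))
    return db


def set_password(db: sqlite3.Connection, alias: str, password: str) -> None:
    salt = os.urandom(16)  # fresh per-user salt on every password write
    db.execute("UPDATE users SET passwd = ?, salt = ?, scheme = 'pbkdf2_sha256'"
               " WHERE alias = ?", (pbkdf2_hash(password, salt), salt, alias))


def login(db: sqlite3.Connection, alias: str, password: str) -> bool:
    row = db.execute("SELECT passwd, salt, scheme FROM users WHERE alias = ?",
                     (alias,)).fetchone()
    if row is None:
        return False
    stored, salt, scheme = row
    if scheme == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
    elif scheme == "pbkdf2_sha256":
        candidate = pbkdf2_hash(password, salt)
    else:
        return False  # unknown scheme marker: fail closed
    if not hmac.compare_digest(candidate, stored):
        return False
    if scheme == "md5":
        # The plaintext is only available now, so upgrade the stored hash here.
        set_password(db, alias, password)
    return True
```

Accounts that never log in again keep their MD5 hash, so the `scheme` column also serves as the inventory of rows still awaiting upgrade.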
