Insecure password storage (unsalted hash)


    • Type: Incident report
    • Resolution: Duplicate
    • Priority: Major
    • None
    • Affects Version/s: None
    • Component/s: Frontend (F)
    • None

      User passwords are stored in the database as an unsalted MD5 hash. This is almost as insecure as plaintext. Many plaintext passwords could be recovered from these hashes using commonly available lookup tables. The passwords should be stored in some form of secure salted hash - such as with the bcrypt algorithm.

            Assignee:
            Unassigned
            Reporter:
            Darrell Enns
            Votes:
            0
            Watchers:
            3

              Created:
              Updated:
              Resolved:
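
Added example, not part of the original report or the project's code: the unsalted MD5 scheme the report describes next to a salted, iterated hash, and (going one step beyond the report) re-hashing legacy rows when a user next logs in. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt so it runs without dependencies; the record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune per deployment


def legacy_md5(password: str) -> str:
    """The scheme the report describes: unsalted MD5, hex-encoded."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> tuple[bool, str]:
    """Check a password and return (ok, record_to_store).

    A legacy unsalted-MD5 row (hypothetical format: bare hex, no '$') is
    accepted and replaced by a salted record on successful login, so the
    table migrates as users sign in.
    """
    if "$" not in stored:  # legacy unsalted MD5 row
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else stored)
    scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False, stored
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison of the derived key with the stored digest.
    return hmac.compare_digest(dk.hex(), digest_hex), stored
```

Two users with the same password get the same `legacy_md5` value, which is what makes precomputed lookup tables effective; `hash_password` gives each of them a different record.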