Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9881

Insecure password storage (unsalted hash)

    XMLWordPrintable

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:
      None

      Description

      User passwords are stored in the database as an unsalted md5 hash. This is almost as insecure as plaintext. Many plaintext passwords could be recovered from these hashes using commonly available lookup tables. The passwords should be stored in some form of secure salted hash - such as with the bcrypt algorithm.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              denns42 Darrell Enns
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: