Details
-
Incident report
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
Description
User passwords are stored in the database as an unsalted md5 hash. This is almost as insecure as plaintext. Many plaintext passwords could be recovered from these hashes using commonly available lookup tables. The passwords should be stored in some form of secure salted hash - such as with the bcrypt algorithm.
Attachments
Issue Links
- duplicates
-
ZBXNEXT-1898 Strong cryptography for encoding frontend passwords
-
- Closed
-