Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9881

Insecure password storage (unsalted hash)

    XMLWordPrintable

Details

    • Incident report
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • None
    • None
    • Frontend (F)
    • None

    Description

      User passwords are stored in the database as an unsalted md5 hash. This is almost as insecure as plaintext. Many plaintext passwords could be recovered from these hashes using commonly available lookup tables. The passwords should be stored in some form of secure salted hash - such as with the bcrypt algorithm.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              denns42 Darrell Enns
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: