Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-1898

Strong cryptography for encoding frontend passwords

    XMLWordPrintable

Details

    • Team D
    • Sprint 58 (Nov 2019), Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
    • 2

    Description

      Currently MD5 algorithm is used for hashing user passwords.

      Since MD5 "should be considered cryptographically broken and unsuitable for further use" I would like to encourage to use "strong cryptography" for hashing frontend passwords.
      See NIST Special Publication 800-57 (http://csrc.nist.gov/publications/) for more information.

      Attachments

        Issue Links

          is duplicated by

          Incident report - Incident report ZBX-9881 Insecure password storage (unsalted hash)

          • Major - Major loss of function.
          • Closed

          Incident report - Incident report ZBX-16551 Zabbix stores user passwords as MD5 hashes

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Incident report - Incident report ZBX-9871 Migrate DB Password hashing to SHA256

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Patch request - Patch request ZBX-15922 user passwords are in MD5 (in SQL)

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Problem report - Problem report ZBX-17202 Error on User Create

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          mentioned in

          Page Loading...

          Activity

            People

              basilgon Vasily Goncharenko (Inactive)
              okkuv9xh Marc
              Votes:
              19 Vote for this issue
              Watchers:
              19 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: