Snippets Groups Projects

Welcome to Vtiger Community. To gain access for account, please contact [ community @ vtiger.com ]

security issue with user access control

the user's access control is not as save as it should be. For verifying a password vtiger always uses a salt build from a user's name. But a salt should have a random value. In addition, SHA512 should be used. see for example here for more details of making it right: https://crackstation.net/hashing-security.htm

Designs

Child items 0

No child items are currently assigned. Use child items to break down this issue into smaller parts.

Activity

Prasad Added enhancement label 9 years ago

Added enhancement label
Prasad Added security label 6 years ago

Added security label
Prasad Milestone changed to 7.1.1 6 years ago

Milestone changed to 7.1.1
Prasad Added pick label 6 years ago

Added pick label
Prasad Status changed to closed by commit 172f26c4 6 years ago

Status changed to closed by commit 172f26c4
P

Prasad @prasad · 6 years ago

Maintainer

PHASH crypt_mode uses password_hash and password_verify API that are recommended and claimed to be stronger (available from PHP >= 5.5.0).
Prasad Milestone changed to 7.2.0 6 years ago

Milestone changed to 7.2.0

Please register or sign in to reply

Labels

None

Milestone

None

Due date

None

Confidentiality

Not confidential

0 Participants

Copyright 2023 Vtiger. All rights reserved.