PFiDaba

Password hash is created by md5

Bug #1066023 reported by Philipp Trommler on 2012-10-12

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Jac	Fix Released	High	Unassigned
	PFiDaba	Fix Released	High	Unassigned	PFiDaba v0.9rc1

Bug Description

The password for a DB is still created using md5. Of course this is very insecure and only a filler, because for some reasons crypt() didn't work. The md5-function shall be replaced by the new PHP password-function.

Philipp Trommler (keinerschreibtmirwas) on 2012-10-14

Changed in jac:
status:	New → Triaged
importance:	Undecided → High

hexafraction (rarkenin) on 2012-10-14

security vulnerability:

no → yes

Philipp Trommler (keinerschreibtmirwas) on 2012-11-08

Changed in pfidaba:
status:	Triaged → Fix Released
Changed in jac:
status:	Triaged → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.