[
https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeff Jirsa updated CASSANDRA-13626:
-----------------------------------
Resolution: Fixed
Status: Resolved (was: Ready to Commit)
Nice. Dtest environment looks pretty messy today, some of the slaves are acting
up. I've read through some of the console logs and even on the aborted runs,
there's nothing auth-related, so I'm proceeding (since it's a fairly trivial
patch). Added those tests and committed as
{{5e7f60f6bf5da386076faa08cefb3970a6ba5cc0}}
> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
> Key: CASSANDRA-13626
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
> Project: Cassandra
> Issue Type: Bug
> Components: Auth
> Reporter: Jeff Jirsa
> Assignee: Jeff Jirsa
> Priority: Minor
> Fix For: 3.0.15, 3.11.1, 4.0
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.
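The sanity check the issue description asks for, sketched as an added example; this is not the committed Cassandra patch or code from the project. The class and method names are hypothetical, the `verifier` parameter stands in for the {{checkpw}} call, and the accepted revision letters and cost range (4 to 31) are assumptions based on the general bcrypt hash format.

```java
import java.util.function.BiPredicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not Cassandra's code. All names here are hypothetical.
public class BcryptFormatGuard {
    // Modular-crypt bcrypt string: "$2" + optional revision letter + "$" + two-digit
    // cost + "$" + 22-char salt and 31-char digest in bcrypt's ./A-Za-z0-9 alphabet.
    // Narrow the revision class to what your bcrypt library actually accepts.
    private static final Pattern BCRYPT =
        Pattern.compile("^\\$2[abxy]?\\$(\\d{2})\\$[./A-Za-z0-9]{53}$");

    // True only if the stored value is shaped like a bcrypt hash with cost 4..31.
    static boolean looksLikeBcrypt(String stored) {
        if (stored == null) return false;
        Matcher m = BCRYPT.matcher(stored);
        if (!m.matches()) return false;
        int cost = Integer.parseInt(m.group(1));
        return cost >= 4 && cost <= 31;
    }

    // Fail closed: a malformed stored value is rejected before the verifier runs,
    // and an exception thrown by the verifier counts as a failed login.
    static boolean checkPassword(String candidate, String stored,
                                 BiPredicate<String, String> verifier) {
        if (candidate == null || !looksLikeBcrypt(stored)) return false;
        try {
            return verifier.test(candidate, stored);
        } catch (RuntimeException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credential hashes.
        String wellFormed = "$2a$10$" + "A".repeat(53);
        String[] stored = { wellFormed, null, "", "cassandra", "$2a$10$tooShort",
                            "$2a$99$" + "A".repeat(53) };
        // Stand-in verifier: prints when reached, so the output shows which
        // stored values the format check let through.
        BiPredicate<String, String> stub = (pw, hash) -> {
            System.out.println("  verifier reached");
            return false;
        };
        for (String s : stored) {
            System.out.println(s + " -> format ok: " + looksLikeBcrypt(s));
            checkPassword("secret", s, stub);
        }
    }
}
```

Only the first sample reaches the verifier; the null, empty, plaintext, truncated and out-of-range-cost values are rejected by the format check.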