** Visibility changed to: Public -- User able to login with cleartext password and no salt https://bugs.launchpad.net/bugs/662424 You received this bug notification because you are a member of Mahara Committers, which is subscribed to Mahara.
Status in Mahara ePortfolio: Fix Committed Bug description: There seems to be two issues here: 1 - When resetting a user's password (via 'Acount Settings' as Admin user), the password is saved in cleartext and with no salt in the usr table. 2 - User login is then also possible with a cleartext password and no salt! I have tested this on the the following branches: 1.0_STABLE 1.1_STABLE 1.2_STABLE 1.3_STABLE master The issue seems to be present in all of the above branches. Relevant system specs: Ubuntu 10.04 Postgres 8.4.5 Cheers and hope this helps ;), Eugene. _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
