** Changed in: mahara
Assignee: (unassigned) => Eugene (eugene-catalyst)
--
User able to login with cleartext password and no salt
https://bugs.launchpad.net/bugs/662424
You received this bug notification because you are a member of Mahara
Committers, which is subscribed to Mahara.
Status in Mahara ePortfolio: Fix Committed
Bug description:
There seems to be two issues here:
1 - When resetting a user's password (via 'Acount Settings' as Admin user), the
password is saved in cleartext and with no salt in the usr table.
2 - User login is then also possible with a cleartext password and no salt!
I have tested this on the the following branches:
1.0_STABLE
1.1_STABLE
1.2_STABLE
1.3_STABLE
master
The issue seems to be present in all of the above branches.
Relevant system specs:
Ubuntu 10.04
Postgres 8.4.5
Cheers and hope this helps ;),
Eugene.
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
