Hi,
Thomas Goirand tho...@goirand.fr writes:
On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting the hash.
On 04/08/2011 09:49 PM, Thomas Goirand wrote:
On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
Hi Thomas,
I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting
On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
Hi Thomas,
I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting the hash. The crypt
function included in
Hi Thomas,
I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting the hash. The crypt
function included in PHP itself[3] with salting and a modern hash like
On 02/21/2011 06:07 AM, Ansgar Burchardt wrote:
Package: dtc-common
Version: 0.29.17-1
Severity: grave
Tags: upstream security
dtc stores user passwords unencrypted in the database:
$q = INSERT INTO $pro_mysql_new_admin_table
(reqadm_login,
reqadm_pass,
[...]
Thomas Goirand tho...@goirand.fr writes:
On 02/21/2011 06:07 AM, Ansgar Burchardt wrote:
dtc stores user passwords unencrypted in the database:
$q = INSERT INTO $pro_mysql_new_admin_table
(reqadm_login,
reqadm_pass,
[...]
VALUES('.$_REQUEST[reqadm_login].',
- Original message -
Yes. He could have gained read-only access or just access to an offline
copy (for example a backup copy). Also many people reuse passwords
(yes, it's a bad idea, but people do), so this would allow compromise of
further systems.
Sure, you could and it would
severity 614304 critical
tags 614304 + security
thanks
Thomas Goirand tho...@goirand.fr writes:
Yes. He could have gained read-only access or just access to an offline
copy (for example a backup copy). Also many people reuse passwords
(yes, it's a bad idea, but people do), so this would
Package: dtc-common
Version: 0.29.17-1
Severity: grave
Tags: upstream security
dtc stores user passwords unencrypted in the database:
$q = INSERT INTO $pro_mysql_new_admin_table
(reqadm_login,
reqadm_pass,
[...]
VALUES('.$_REQUEST[reqadm_login].',
'.$_REQUEST[reqadm_pass].',
(from