mahara-contributors team mailing list archive

Thread
Date

[Bug 662424] Re: User able to login with cleartext password and no salt

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Tue, 14 Jun 2011 03:57:35 -0000
Reply-to: Bug 662424 <662424@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/662424

Title:
  User able to login with cleartext password and no salt

Status in Mahara ePortfolio:
  Fix Released

Bug description:
  There seems to be two issues here:
  1 - When resetting a user's password (via 'Acount Settings' as Admin user), the password is saved in cleartext and with no salt in the usr table.
  2 - User login is then also possible with a cleartext password and no salt!

  I have tested this on the the following branches:
    1.0_STABLE
    1.1_STABLE
    1.2_STABLE
    1.3_STABLE
    master

  The issue seems to be present in all of the above branches.

  Relevant system specs:
  Ubuntu 10.04
  Postgres 8.4.5

  Cheers and hope this helps ;),
  Eugene.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/662424/+subscriptions