[wp-trac] Re: [WordPress Trac] #2394: Passwords are stored in an
insecure un-salted form
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 29 07:46:32 GMT 2007
#2394: Passwords are stored in an insecure un-salted form
--------------------------------------------------------------+-------------
Reporter: sjmurdoch | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.0
Severity: normal | Resolution:
Keywords: has-patch salt password md5 phpass needs-testing |
--------------------------------------------------------------+-------------
Comment (by DD32):
Replying to [comment:21 ryan]:
> Also, upon successful login using a plaintext password, old hashes are
replaced with phpass hashes.
When this change goes in, Be sure to remind everyone that unless they have
a backup of the database, If they wish to downgrade to a previous
revision, or version (Once released) they'll need to reset all passwords.
I can see that as being something small which initial testers(maybe RC's)
will ignore at first.
--
Ticket URL: <http://trac.wordpress.org/ticket/2394#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list