Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008779TestLinkSecurity - Generalpublic2019-10-03 03:462020-01-02 15:56
Reporterkenchan0130 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version1.9.19 (2019 Q1) 
Fixed in Version1.9.20 
Summary0008779: User password storage method (MD5) is weak
DescriptionThe testlink saves password using MD5 method to users table.
It has been proven that MD5 passwords can be broken more quickly by attackers.

For example, even in the WordPress, it is reported as a vulnerability like https://nvd.nist.gov/vuln/detail/CVE-2012-6707. [^]

You must use a secure password hashing method such as bcrypt.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
Browser
PHP Version
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files

- Relationships
child of 0008549closedfman Availables hot-fixes for 1.9.19 & How To get full fixed package from GitHub 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-10-03 03:46 kenchan0130 New Issue
2020-01-02 15:56 fman QA Team - Task Workflow Status => READY FOR TESTING
2020-01-02 15:56 fman Status new => resolved
2020-01-02 15:56 fman Fixed in Version => 1.9.20
2020-01-02 15:56 fman Resolution open => fixed
2020-01-02 15:56 fman Assigned To => fman
2020-01-02 15:56 fman Relationship added child of 0008549



Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker