Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008779TestLinkSecurity - Generalpublic2019-10-03 03:462019-10-03 03:46
Reporterkenchan0130 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version1.9.19 (2019 Q1) 
Fixed in Version 
Summary0008779: User password storage method (MD5) is weak
DescriptionThe testlink saves password using MD5 method to users table.
It has been proven that MD5 passwords can be broken more quickly by attackers.

For example, even in the WordPress, it is reported as a vulnerability like https://nvd.nist.gov/vuln/detail/CVE-2012-6707. [^]

You must use a secure password hashing method such as bcrypt.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
Browser
PHP Version
TestCaseID
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-10-03 03:46 kenchan0130 New Issue



Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker