View Issue Details

IDProjectCategoryView StatusLast Update
0026626mantisbtldappublic2020-02-09 07:05
Reporterrogueresearch Assigned Toatrol  
PriorityhighSeveritymajorReproducibilityhave not tried
Status closedResolutionduplicate 
Summary0026626: Add config option to not cache (insecure MD5) password hashes in the database

According to the Admin Guide:

"An MD5 hash of the user's password will be stored in the database upon successful login, allowing fall-back to Standard Authentication when the LDAP server is not available."

This is unfortunate, because I was hoping to use LDAP as a workaround for bug 0022839.

Could a configuration flag be added to prevent this caching?

TagsNo tags attached.


duplicate of 0012957 assigneddregad Password stored md5-unsalted in database when LDAP authentication is enabled 




2020-01-25 16:15

reporter   ~0063517

Ha!, I'd even commented on the dupe. :)

Issue History

Date Modified Username Field Change
2020-01-25 00:09 rogueresearch New Issue
2020-01-25 07:05 atrol Assigned To => atrol
2020-01-25 07:05 atrol Status new => resolved
2020-01-25 07:05 atrol Resolution open => duplicate
2020-01-25 07:05 atrol Relationship added duplicate of 0012957
2020-01-25 16:15 rogueresearch Note Added: 0063517
2020-02-09 07:05 atrol Status resolved => closed