Wow, I've just noticed it's even worse. So, MantisBT even stores an unsalted MD5-hashed copy of each password if LDAP authentication is enabled.
https://www.mantisbt.org/bugs/view.php?id=12957
Search found 2 matches
- 24 Oct 2016, 15:49
- Forum: Help
- Topic: Unable to log administrator after upgrade
- Replies: 4
- Views: 6567
- 24 Oct 2016, 13:17
- Forum: Help
- Topic: Unable to log administrator after upgrade
- Replies: 4
- Views: 6567
Re: Unable to log administrator after upgrade
Okay, so that means MantisBT uses plain MD5 to hash password and does not even salt them?