
user password is not encrypted for "Add User"

Open sureshab opened this issue 9 years ago • 4 comments

Navigate to "Host" - "Administration" - "User Management". Click on "Add User".

This is the option to create a new user. The admin would have to enter user details along with a password, and it is sent as plain text over the network, with the user name and other details being part of the same request. This can be a potential security breach.

sureshab avatar Jun 03 '16 06:06 sureshab

@danielhb IMO we can hash the password in JavaScript, which is recommended. Libuser provides an option to set a hashed password.

sureshab avatar Jun 03 '16 09:06 sureshab

Agree

danielhb avatar Jun 03 '16 12:06 danielhb

I will be working on this issue.

sureshab avatar Jun 03 '16 12:06 sureshab

@danielhb @chandrureddy I did search for JavaScript libraries which can produce a hashed password similar to crypt of Linux. Unfortunately I couldn't get any. @samhenri can you help here if you are aware of any library which can be used?

sureshab avatar Jun 09 '16 10:06 sureshab