Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: e02e5c0535b1959e8c87af9f0b14b142a89839fd
https://github.com/tribe29/checkmk/commit/e02e5c0535b1959e8c87af9f0b14b142a…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-07-21 (Thu, 21 Jul 2022)
Changed paths:
A .werks/14380
M cmk/gui/valuespec.py
M tests/unit/cmk/gui/test_valuespec.py
Log Message:
-----------
14380 SEC Improve security of password hashes in audit log
Hashes of passwords displayed in the audit log are now calculated using a keyed hash function.
Previously, a truncated SHA256 hash of the password was displayed. While this is not an issue for long, randomly generated passwords, the hashes of weak passwords could have been reversed using brute force.
Passwords are now hashed using HMAC with a random key that is not persisted. Note that, as a consequence, users will not be able to recognize or validate password hashes in the audit log.
CMK-10745
Change-Id: I090a86a6418dce29f2e2d648d8d526b890d707c4
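
The following is an added example, not part of the commit or of the Checkmk code base. It contrasts an unkeyed truncated SHA256 display hash with an HMAC under a random in-memory key, as the werk text describes. The function and class names, the truncation length and the sample passwords are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

TRUNCATE = 10  # assumed display length in hex characters; the werk does not state it


def truncated_sha256(password: str) -> str:
    """Old style: unkeyed, deterministic, truncated digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:TRUNCATE]


class KeyedAuditHasher:
    """New style: HMAC-SHA256 under a random key that lives only in memory."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # never written to disk

    def digest(self, password: str) -> str:
        mac = hmac.new(self._key, password.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:TRUNCATE]


def matching_candidates(logged: str, candidates, hash_fn) -> list:
    """Return the candidates whose hash equals the value seen in the log."""
    return [c for c in candidates if hmac.compare_digest(hash_fn(c), logged)]


# Constructed sample data: a weak password and a small candidate list.
WEAK_PASSWORD = "summer2022"
CANDIDATES = ["123456", "password", "summer2022", "letmein"]


def demo() -> dict:
    site = KeyedAuditHasher()    # the process that wrote the audit log entry
    reader = KeyedAuditHasher()  # any other process, or the same site after a restart
    old_entry = truncated_sha256(WEAK_PASSWORD)
    new_entry = site.digest(WEAK_PASSWORD)
    return {
        # Unkeyed hash: anyone who can read the log can test guesses offline.
        "old_recovered": matching_candidates(old_entry, CANDIDATES, truncated_sha256),
        # Keyed hash: without the original key, guesses cannot be checked.
        "new_recovered": matching_candidates(new_entry, CANDIDATES, reader.digest),
        # Entries stay comparable only while the key is still in memory.
        "stable_within_process": site.digest(WEAK_PASSWORD) == new_entry,
    }


if __name__ == "__main__":
    print(demo())
```

The empty `new_recovered` result is also why, as the werk notes, users can no longer recognize or validate password hashes in the audit log: the key needed to recompute them is never persisted.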
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 3968b403911bf7286f50d526e26facefd4bd5b25
https://github.com/tribe29/checkmk/commit/3968b403911bf7286f50d526e26facefd…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-07-20 (Wed, 20 Jul 2022)
Changed paths:
M tests/unit/cmk/gui/watolib/test_gui_rulesets.py
Log Message:
-----------
skip the rule diffing test only on raw
Change-Id: I1c5683b360db472171bf3a1a91acd03b2b0d4169