Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: e02e5c0535b1959e8c87af9f0b14b142a89839fd
https://github.com/tribe29/checkmk/commit/e02e5c0535b1959e8c87af9f0b14b142a…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-07-21 (Thu, 21 Jul 2022)
Changed paths:
A .werks/14380
M cmk/gui/valuespec.py
M tests/unit/cmk/gui/test_valuespec.py
Log Message:
-----------
14380 SEC Improve security of password hashes in audit log

Hashes of passwords displayed in the audit log are now calculated using a keyed hash
function.

Previously, a truncated SHA256 hash of the password was displayed. While this is not an
issue for long, randomly generated passwords, the hashes of weak passwords could have been
reversed using brute-force.

Passwords are now hashed using HMAC with a random key that is not persisted. Note that, as
a consequence, users will not be able to recognize or validate password hashes in the
audit log.

CMK-10745
Change-Id: I090a86a6418dce29f2e2d648d8d526b890d707c4
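
The following is an added example, not code from this commit or from Checkmk: it contrasts the two schemes the log message describes, showing that an unkeyed truncated SHA-256 tag of a weak password can be matched by anyone who reads the log, while an HMAC tag under an in-memory random key cannot. The 16-character tag length, all function and class names, and the sample wordlist are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16  # assumed display length in hex characters; the page gives no value


def truncated_sha256_tag(password: str) -> str:
    """Old scheme as described: unkeyed SHA-256, truncated for display."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:TAG_LEN]


class KeyedTagger:
    """New scheme as described: HMAC with a random key that is never persisted."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # exists only in this process's memory

    def tag(self, password: str) -> str:
        mac = hmac.new(self._key, password.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:TAG_LEN]


def match_from_wordlist(displayed_tag, wordlist, tag_fn):
    """Return the first candidate whose tag equals displayed_tag, else None."""
    for candidate in wordlist:
        if hmac.compare_digest(tag_fn(candidate), displayed_tag):
            return candidate
    return None


# Constructed sample data, not taken from any real log.
WORDLIST = ["123456", "password", "summer2022", "letmein"]
WEAK_PASSWORD = "summer2022"


def demo() -> dict:
    old_tag = truncated_sha256_tag(WEAK_PASSWORD)
    server = KeyedTagger()
    new_tag = server.tag(WEAK_PASSWORD)
    reader = KeyedTagger()  # a log reader lacks the server's key and can only guess one
    return {
        "old_recovered": match_from_wordlist(old_tag, WORDLIST, truncated_sha256_tag),
        "new_recovered": match_from_wordlist(new_tag, WORDLIST, reader.tag),
        "stable_within_process": server.tag(WEAK_PASSWORD) == new_tag,
        "differs_after_restart": KeyedTagger().tag(WEAK_PASSWORD) != new_tag,
    }
```

The last two results show the trade-off the log message notes: tags stay comparable while one key lives, but a new key makes earlier tags unrecognizable.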