Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 29c3fefe413fb83515754de2030853dce086d409
https://github.com/tribe29/checkmk/commit/29c3fefe413fb83515754de2030853dce…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-07-21 (Thu, 21 Jul 2022)
Changed paths:
A .werks/14380
M cmk/gui/valuespec.py
M tests/unit/cmk/gui/test_valuespec.py
Log Message:
-----------
14380 SEC Improve security of password hashes in audit log

Hashes of passwords displayed in the audit log are now calculated using a keyed hash
function.

Previously, a truncated SHA256 hash of the password was displayed. While this is not an
issue for long, randomly generated passwords, the hashes of weak passwords could have been
reversed using brute-force.

Passwords are now hashed using HMAC with a random key that is not persisted. Note that, as
a consequence, users will not be able to recognize or validate password hashes in the
audit log.

CMK-10745
Change-Id: Iee3cfbdfe8e529d37bee7d54faea6f35648118c5
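
The difference the log message describes, as an added example that is not code from this commit or from Checkmk. The display length, the choice of SHA-256 inside the HMAC, the function names and the candidate passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TRUNCATE = 10  # assumption: displayed length in hex characters; the page gives no figure


def fresh_key() -> bytes:
    """Draw a random key; a new process would draw a new one (nothing is persisted)."""
    return secrets.token_bytes(32)


# Assumption: one key per process lifetime, held only in memory.
PROCESS_KEY = fresh_key()


def truncated_sha256(password: str) -> str:
    """Previous scheme as described: unkeyed, truncated SHA-256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:TRUNCATE]


def keyed_display_hash(password: str, key: bytes = PROCESS_KEY) -> str:
    """New scheme as described: HMAC under a random, non-persisted key.
    Truncation is kept only so both values have the same display width (assumption)."""
    digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:TRUNCATE]


def matches_candidate(displayed: str, candidates, hash_fn) -> list:
    """Candidates whose hash equals the displayed value, using only what a log reader has."""
    return [c for c in candidates if hmac.compare_digest(hash_fn(c), displayed)]


if __name__ == "__main__":
    weak = "password1"                                # constructed sample value
    candidates = ["summer2022", "checkmk", weak]      # constructed candidate list

    old_entry = truncated_sha256(weak)
    new_entry = keyed_display_hash(weak)

    # Unkeyed: anyone who reads the log can recompute and compare.
    print("old scheme matches:", matches_candidate(old_entry, candidates, truncated_sha256))
    # Keyed: a reader without the in-memory key cannot recompute the value.
    guess = fresh_key()
    print("new scheme matches:",
          matches_candidate(new_entry, candidates, lambda c: keyed_display_hash(c, guess)))
    # Trade-off named in the log message: after a restart the same password
    # yields a different value, so entries cannot be recognised or validated.
    print("stable across keys:", new_entry == keyed_display_hash(weak, fresh_key()))
```
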