[ww-bugs] Bug 3602: Incorrect password allows for login
bugzilla-daemon at webwork.maa.org
bugzilla-daemon at webwork.maa.org
Tue Feb 16 12:14:12 EST 2016
http://bugs.webwork.maa.org/show_bug.cgi?id=3602
Geoff Goehle <goehle at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |goehle at gmail.com
Resolution| |FIXED
--- Comment #1 from Geoff Goehle <goehle at gmail.com> 2016-02-16 12:14:12 ---
Versions of WeBWorK before 2.10 use the old DES password hashing. DES passwords
have a max length of 7 characters, which I think explains the behaviour you are
seeing. This was changed in https://github.com/openwebwork/webwork2/pull/473
to use SHA512 password hashing. You can either upgrade to 2.10 or implement
the change directly since it is simple:
https://github.com/openwebwork/webwork2/pull/473/files
I'm going to mark this as resolved. If this is *not* what is causing your
issue feel free to reopen the bug.
--
Configure bugmail: http://bugs.webwork.maa.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the webwork-bugs
mailing list