Re: [PATCH] proxy.cgi: Switch to MD5 hashed passwords for local user auth.

7 Feb 2020

Ah yes, it is great to finally deploy MD5 in 2020.
Luckily this doesn’t matter because the passwords are being sent in plain text over an unencrypted channel.
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
...
On 7 Feb 2020, at 11:06, Stefan Schantl stefan.schantl@ipfire.org wrote:
The former used default Crypt algorithmus only supports passwords up to
eight signs wheater MD5 does not have any limitation here.
Fixes 12290.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/proxy.cgi | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index b63964081..06aca579b 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3945,7 +3945,13 @@ sub adduser
   } else {
   	&deluser($str_user);

my $htpasswd = new Apache::Htpasswd("$userdb");




my %htpasswd_options = (


	passwdFile => "$userdb",


	UseMD5 => 1,


);



my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);


$htpasswd->htpasswd($str_user, $str_pass);
 }

-- 
2.25.0

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [PATCH] proxy.cgi: Switch to MD5 hashed passwords for local user auth.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org