The former used default Crypt algorithmus only supports passwords up to eight signs wheater MD5 does not have any limitation here.
Fixes 12290.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- html/cgi-bin/proxy.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index b63964081..06aca579b 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3945,7 +3945,13 @@ sub adduser } else { &deluser($str_user);
- my $htpasswd = new Apache::Htpasswd("$userdb"); + my %htpasswd_options = ( + passwdFile => "$userdb", + UseMD5 => 1, + ); + + my $htpasswd = new Apache::Htpasswd(%htpasswd_options); + $htpasswd->htpasswd($str_user, $str_pass); }
Ah yes, it is great to finally deploy MD5 in 2020.
Luckily this doesn’t matter because the passwords are being sent in plain text over an unencrypted channel.
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 7 Feb 2020, at 11:06, Stefan Schantl stefan.schantl@ipfire.org wrote:
The former used default Crypt algorithmus only supports passwords up to eight signs wheater MD5 does not have any limitation here.
Fixes 12290.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/proxy.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index b63964081..06aca579b 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3945,7 +3945,13 @@ sub adduser } else { &deluser($str_user);
my $htpasswd = new Apache::Htpasswd("$userdb");
my %htpasswd_options = (passwdFile => "$userdb",UseMD5 => 1,);my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);- $htpasswd->htpasswd($str_user, $str_pass); }
-- 2.25.0
-
Michael Tremer -
Stefan Schantl