The updateUserFields method in Model.php updated the user password in the DB by using MD5 encryption. SonarQube raises a security hotspot on this with the message: Make sure this weak hash algorithm is not used in a sensitive context here.
Suggested fix from SonarQube:
Safer alternatives, such as SHA-256, SHA-512, SHA-3 are recommended, and for password hashing, it's even better to use algorithms that do not compute too "quickly", like bcrypt, scrypt, argon2 or pbkdf2 because it slows down brute force attacks.
Hi @tw-mk. Thanks for creating this issue. Actually only the token_auth should be created using md5. But in the database the token_auth as well as the password should be stored using sha512.
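One way to follow the SonarQube suggestion without locking out existing accounts, as an added example that is not the project's own code: verify against the old digest once, then replace it with a slow, salted hash from PHP's built-in password API. The function names are hypothetical, and the code assumes legacy rows hold an unsalted 32-character MD5 hex digest.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from Model.php.

/** True if the stored value looks like a legacy unsalted MD5 hex digest (assumed format). */
function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

/** Hash a password with a slow, salted algorithm (bcrypt, cost chosen for the example). */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

/**
 * Verify a login attempt and return [ok, replacementHashOrNull].
 * A non-null replacement means the caller should write it back to the DB.
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison against the old digest, then upgrade on success.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? hashPassword($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the configured cost has been raised since this hash was created.
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
    return [true, $stale ? hashPassword($password) : null];
}

// Constructed sample data: one legacy row, one good login, one bad login.
$legacyRow = md5('correct horse battery staple');
[$ok, $newHash] = verifyAndUpgrade('correct horse battery staple', $legacyRow);
var_dump($ok, isLegacyMd5($newHash));
var_dump(password_verify('correct horse battery staple', $newHash));
[$bad, $none] = verifyAndUpgrade('wrong guess', $legacyRow);
var_dump($bad, $none);
```

bcrypt only considers the first 72 bytes of the password, so very long passphrases are truncated; PASSWORD_ARGON2ID avoids that limit where the PHP build supports it.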