Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-1739

Comment on: "manual/release-notes/password-hashing-insecurity.txt"

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 01112017-cleanup
    • None
    • None

    Description

      The document seems to imply that after 2.2, a user which exists on different databases will have different password hashes for the same cleartext. However, the issue described in the second bullet point still exists in 2.5. I can create a user with the same name and password in two databases, and they will have identical hashes.

      Attachments

        Activity

          People

            sam.kleinman Sam Kleinman (Inactive)
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              10 years, 30 weeks ago