Details
-
Improvement
-
Resolution: Done
-
Major - P3
-
None
-
None
-
Mongo 2.5.1-pre, developed off of commit 7bafcc73b71bfd364786f6faf4401d345d714eba
*Location*: http://docs.mongodb.org/manual/release-notes/password-hashing-insecurity/#password-hashing-security
*User-Agent*: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0
*Screen Resolution*: 1440 x 900
*repo*: docs
*source*: release-notes/password-hashing-insecurity
Mongo 2.5.1-pre, developed off of commit 7bafcc73b71bfd364786f6faf4401d345d714eba *Location*: http://docs.mongodb.org/manual/release-notes/password-hashing-insecurity/#password-hashing-security *User-Agent*: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 *Screen Resolution*: 1440 x 900 *repo*: docs *source*: release-notes/password-hashing-insecurity
Description
The document seems to imply that after 2.2, a user which exists on different databases will have different password hashes for the same cleartext. However, the issue described in the second bullet point still exists in 2.5. I can create a user with the same name and password in two databases, and they will have identical hashes.