[DOCS-1739] Comment on: "manual/release-notes/password-hashing-insecurity.txt" Created: 24/Jul/13 Updated: 03/Nov/17 Resolved: 28/Aug/13
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 01112017-cleanup |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Sam Kleinman (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | collector-298ba4e7 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Mongo 2.5.1-pre, developed off of commit 7bafcc73b71bfd364786f6faf4401d345d714eba
Location: http://docs.mongodb.org/manual/release-notes/password-hashing-insecurity/#password-hashing-security
| Participants: | |
| Days since reply: | 10 years, 30 weeks ago |
| Description |
The document seems to imply that after 2.2, a user which exists on different databases will have different password hashes for the same cleartext. However, the issue described in the second bullet point still exists in 2.5. I can create a user with the same name and password in two databases, and they will have identical hashes.
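
The behaviour reported above follows from the legacy MONGODB-CR credential format, which stores an MD5 digest of the user name, the literal `:mongo:` and the password, with no database name or random salt as input. The following is an added example, not part of the original ticket or MongoDB's own code; the `(database, user document)` shape, the database and user names, and the PBKDF2 contrast function are assumptions for illustration.

```python
import hashlib
import os
from collections import defaultdict


def legacy_digest(username: str, password: str) -> str:
    """Legacy MONGODB-CR digest: md5("<user>:mongo:<password>").

    The database name is not an input, so the same user name and password
    produce the same stored value in every database.
    """
    return hashlib.md5(f"{username}:mongo:{password}".encode("utf-8")).hexdigest()


def salted_digest(password: str, salt: bytes, iterations: int = 10_000) -> str:
    """Contrast case (assumption, not MongoDB's format in this version):
    a random per-credential salt makes each stored copy different."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def shared_hashes(user_docs):
    """Return {(user, hash): [databases]} for hashes stored in more than one database.

    user_docs is an iterable of (database_name, user_document) pairs, where the
    document carries "user" and "pwd" fields (assumed shape).
    """
    seen = defaultdict(set)
    for db, doc in user_docs:
        seen[(doc["user"], doc["pwd"])].add(db)
    return {key: sorted(dbs) for key, dbs in seen.items() if len(dbs) > 1}


# Constructed sample: the same user and password created in two databases,
# plus a different user who happens to use the same password.
SAMPLE = [
    ("sales", {"user": "alice", "pwd": legacy_digest("alice", "example-password")}),
    ("reports", {"user": "alice", "pwd": legacy_digest("alice", "example-password")}),
    ("reports", {"user": "bob", "pwd": legacy_digest("bob", "example-password")}),
]

if __name__ == "__main__":
    for (user, pwd), dbs in shared_hashes(SAMPLE).items():
        print(f"{user}: identical hash {pwd} stored in {dbs}")
    a = salted_digest("example-password", os.urandom(16))
    b = salted_digest("example-password", os.urandom(16))
    print("salted copies identical:", a == b)
```

The practical consequence is that a hash read from one database's user collection is valid for the same user in every other database, so an audit that groups stored hashes this way shows how far one disclosed credential reaches.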