[DOCS-1739] Comment on: "manual/release-notes/password-hashing-insecurity.txt" Created: 24/Jul/13  Updated: 03/Nov/17  Resolved: 28/Aug/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Sam Kleinman (Inactive)
Resolution: Done Votes: 0
Labels: collector-298ba4e7
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Mongo 2.5.1-pre, developed off of commit 7bafcc73b71bfd364786f6faf4401d345d714eba

Location: http://docs.mongodb.org/manual/release-notes/password-hashing-insecurity/#password-hashing-security
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0
Screen Resolution: 1440 x 900
repo: docs
source: release-notes/password-hashing-insecurity


Participants:
Days since reply: 10 years, 30 weeks ago

 Description   

The document seems to imply that after 2.2, a user which exists on different databases will have different password hashes for the same cleartext. However, the issue described in the second bullet point still exists in 2.5. I can create a user with the same name and password in two databases, and they will have identical hashes.


Generated at Thu Feb 08 07:41:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.