Bug: after switching to enhanced password hashing, you can't return to md5 hashing
Reported by dleffler | December 27th, 2015 @ 03:31 AM | in 2.3.7 (closed)
Not that you'd want to, but once you've elevated the password hashing security from '0' to higher, you can't return to '0' (md5) successfully. You can always move from md5/0 to more secure seamlessly, but with the recent bug caused by the password hash field being too small if you've initially installed a version prior to 2.3.5 and upgrade to 2.3.5+.
Comments and changes to this ticket
-
dleffler December 27th, 2015 @ 12:39 PM
Not sure this is a bad thing...once your password is converted to the new hash, it won't be converted again if the security level is reduced or increased. And it only affects new users or those changing their passwords.
-
dleffler December 31st, 2015 @ 09:02 PM
- State changed from “new” to “resolved”
This was fixed with a recent push which now actually updates existing table columns...previously update_tables() would only add or remove columns (and indexes), but NEVER update a column that already existed.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja