Password hashing tests do not cover all options

Created on 17 March 2015, over 9 years ago

Updated 4 June 2024, 6 months ago

The security fix for 7.34 included a test to ensure that hashed passwords would be created from a source with characters under 512 bytes.

While we cover most eventualities, there's an omission in one part of the existing test which means we don't cover everything.

🐛 Bug report

Status

RTBC

Version

7.0 ⚰️

Component

Simpletest →

Last updated about 2 months ago

Created by

🇦🇺Australia adammalone Sydney/Australia

Live updates comments and jobs are added and updated live.

Comments & Activities

Open in Jenkins → Open on Drupal.org →
Environment: PHP 7.4 & SQLite 3.27
last update 6 months ago
2,180 pass
Status changed to RTBC 6 months ago1:33pm 4 June 2024
Comment 6 months ago →
🇸🇰Slovakia poker10
Thanks for reporting and working on this. Yes, the user_hash_password($password); line is missing to correctly check 512 byte long password. Moving to RTBC.

Production build 0.71.5 2024