Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The Felix Web Console currently stores unsalted hashed password [0]
This violates common security hygiene and industry standard.
The suggestion is to either add a random salt or use a stronger Password Storage algorithm e.g. Argon2 or PBKDF2 . See [1]
[1] https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Attachments
Attachments
Issue Links
- relates to
-
FELIX-5985 Change the hardcoded WebConsole password
- Open