mbabker
12 Nov 2015

JCryptPasswordSimple's password verification function is inherently weak (most likely since it was never implemented into the CMS) from a security perspective. This patch beefs it up to validate passwords with similar logic as used in JUserHelper::verifyPassword() for the hashes that it supports.

As this code is unimplemented in the CMS, you'll need to trust the unit tests here.

mbabker - open - 12 Nov 2015
mbabker - change - 12 Nov 2015
Status: New → Pending
joomla-cms-bot - change - 12 Nov 2015
Labels Added: ?
roland-d - test_item - 13 Nov 2015 - Tested successfully
roland-d - comment - 13 Nov 2015

I have tested this item :white_check_mark: successfully on 78232f2

The passwords are still verified correctly.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8400.

wilsonge - change - 13 Nov 2015
Status: Pending → Closed
Closed_Date: 0000-00-00 00:00:00 → 2015-11-13 17:54:28
Closed_By: wilsonge
wilsonge - close - 13 Nov 2015
wilsonge - reference | beb6136 - 13 Nov 15
wilsonge - merge - 13 Nov 2015
wilsonge - close - 13 Nov 2015
wilsonge - change - 13 Nov 2015
Milestone Added:
mbabker - head_ref_deleted - 9 Jan 2016
