[MDEV-12701] ACL secured by SHA1 algorithm too weak/out dated - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Duplicate
Fix Version/s: 10.1.22, 10.2.5
Component/s: Authentication and Privilege System, Plugins
Labels:
- PCI
- audit
- sha1

Description

SHA1 is known as unsecure/weak.
There should be a secure hashing alternative.

PCI Certified Enterprises can expect problems with auditing.

https://www.heise.de/security/meldung/Todesstoss-Forscher-zerschmettern-SHA-1-3633589.html
https://shattered.it/

Attachments

Issue Links

is duplicated by

MDEV-12160 Modern alternative to the SHA1 authentication plugin

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Adam Kubina

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017-05-05 09:23

Updated:: 2017-05-05 12:35

Resolved:: 2017-05-05 12:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.