Details
-
Type:
Task
-
Status: Closed (View Workflow)
-
Priority:
Critical
-
Resolution: Duplicate
-
Component/s: Authentication and Privilege System, Plugins
Description
SHA1 is known as unsecure/weak.
There should be a secure hashing alternative.
PCI Certified Enterprises can expect problems with auditing.
https://www.heise.de/security/meldung/Todesstoss-Forscher-zerschmettern-SHA-1-3633589.html
https://shattered.it/
Attachments
Issue Links
- is duplicated by
-
MDEV-12160 Modern alternative to the SHA1 authentication plugin
-
- Closed
-