MariaDB Server / MDEV-23266

Display the hashed password only for SUPER user


    Details

      Description

      Displaying the hashed password is a security vulnerability flag. This would prevent obtaining FedRAMP compliance approval.

      Especially when using a proxied user, it should not be possible to see the hashed password of the real user. Regardless of the difficulty of determining the real password from the hashed password, this exposure should be prevented.

            People

            Assignee:
            ralf.gebhardt@mariadb.com Ralf Gebhardt
            Reporter:
            anel Anel Husakovic
