  1. MariaDB Server
  2. MDEV-23266

Display the hashed password only for SUPER user

Details

    Description

      Displaying the hashed password is a security vulnerability flag. This would prevent obtaining FedRAMP compliance approval.

      Especially when using a proxied user, it should not be possible to see the hashed password of the real user. Regardless of the difficulty of determining the real password from the hashed password, this exposure should be prevented.

            People

              ralf.gebhardt Ralf Gebhardt
              anel Anel Husakovic