Fixed #18182 -- Raw password echoed on authentication if no hashing used #34

Closed
wants to merge 1 commit into from

MoritzS commented May 1, 2012

contrib.auth.hashers.is_password_usable now checks if the encoded string
contains a $ character. For backward compatibility with unsalted md5 hashes all
encoded 32-character-long strings without a $ character are assumed to be
usable. check_password won't return True for a 32-character-long plain
password, though.

@MoritzS MoritzS Fixed #18182 -- Raw password echoed on authentication if no hashing used
contrib.auth.hashers.is_password_usable now checks if the encoded string
contains a $ character. For backward compatibility with unsalted md5 hashes all
encoded 32-character-long strings without a $ character are assumed to be
usable. check_password won't return True for a 32-character-long plain
password, though.
99982c2
@MoritzS MoritzS closed this May 1, 2012
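
The behaviour stated in the description, as an added sketch that is not code from this pull request or from Django: a stored value counts as usable only if it contains `$` or is 32 characters long, and the check always compares a digest of the submitted password, so a raw 32-character password stored unhashed never matches itself. The function names, the `!` unusable marker and the simplified `pbkdf2_sha256$iterations$salt$hex` layout are assumptions made for the example.

```python
import hashlib
import hmac

UNUSABLE = "!"  # assumption: marker stored for accounts with no usable password


def legacy_md5(raw):
    """Legacy unsalted form: 32 hex characters, no '$'."""
    return hashlib.md5(raw.encode()).hexdigest()


def encode_pbkdf2(raw, salt, iterations=1000):
    """Constructed '$'-separated layout for this example: algo$iter$salt$hex."""
    dk = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, dk.hex())


def is_usable(encoded):
    """Usable only if the value looks like a hash: it contains '$', or it is
    32 characters long (possible legacy unsalted md5 digest)."""
    if not encoded or encoded == UNUSABLE:
        return False
    return "$" in encoded or len(encoded) == 32


def check(raw, encoded):
    """Compare a digest of `raw` to the stored value, never `raw` itself."""
    if not is_usable(encoded):
        return False
    if "$" not in encoded:
        candidate = legacy_md5(raw)  # legacy unsalted md5 path
    else:
        parts = encoded.split("$")
        if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
            return False
        try:
            iterations = int(parts[1])
        except ValueError:
            return False
        if iterations < 1:
            return False
        candidate = encode_pbkdf2(raw, parts[2], iterations)
    # Constant-time comparison of the recomputed value with the stored one.
    return hmac.compare_digest(candidate.encode(), encoded.encode())
```
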