Item10494: htpasswd emails lost if changing to htdigest auth

Priority: Normal
Current State: Closed
Released In: 1.1.3
Target Release: patch
Applies To: Engine
Component: FoswikiUIPasswords
Reported By: GeorgeClark
Waiting For:
Last Change By: KennethLavrsen

doesn't detect that the existing password file might be in htpasswd format id:password:emails, so if the password method is changed to "MD5" which implements htdigest encoding, email addresses are interpreted as the password hash and overwritten by the new password when ResetPassword is used.

When reading in .htpasswd as an "MD5" htdigest formatted file, if the email is missing, and there is an @ in the password hash, use the password field to recover the emails.

-- GeorgeClark - 17 Mar 2011
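
An added example, not Foswiki's own code, of the recovery check described in the report above. It assumes the htdigest record layout is id:realm:hash:emails; the function name parse_digest_line and the sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse one password-file line as an htdigest record. Assumed layout:
# id:realm:hash:emails (standard htdigest plus a trailing emails field).
# A legacy htpasswd line, id:password:emails, has only three fields, so
# its emails land in the hash slot and the emails slot comes back empty.
sub parse_digest_line {
    my ($line) = @_;
    chomp $line;
    my ( $id, $realm, $hash, $emails ) = split /:/, $line, 4;
    my %rec = (
        id     => $id,
        realm  => $realm  // '',
        hash   => $hash   // '',
        emails => $emails // '',
        legacy => 0,
    );

    # Recovery rule from the report: emails missing and an @ in the hash
    # field means the "hash" is really the address list. An htdigest MD5
    # hash is 32 hex characters and can never contain '@'.
    if ( $rec{emails} eq '' && $rec{hash} =~ /\@/ ) {
        $rec{emails} = $rec{hash};
        # Assumption of this example: clear the hash so the addresses are
        # never treated as a digest. In this case the realm slot holds
        # the old htpasswd-encoded password, not a realm.
        $rec{hash}   = '';
        $rec{legacy} = 1;
    }
    return \%rec;
}

# Constructed sample data: one legacy htpasswd line, one htdigest line.
my @lines = (
    'AliceExample:$apr1$abcdefgh$0123456789abcdefghijkl:alice@example.com',
    'BobExample:foswiki:5f4dcc3b5aa765d61d8327deb882cf99:bob@example.com',
);

for my $line (@lines) {
    my $r = parse_digest_line($line);
    printf "%-13s legacy=%d hash=%-32s emails=%s\n",
      $r->{id}, $r->{legacy}, $r->{hash} || '(none)', $r->{emails};
}
```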


Checkins: distro:19b60860ba92 distro:246bbbf0b99f
Topic revision: r4 - 16 Apr 2011, KennethLavrsen