[Catalyst] Security issue with hashed passwords in C:P:A:Password
Evan Carroll
lists at evancarroll.com
Wed Mar 24 15:27:45 GMT 2010
> P.S. Yes, I appreciate that the attack surface is fairly limited here, but I
> feel the point still holds.
I disagree, I wouldn't want to extend my fame into publicizing a
massive security vulnerability. I think this one stems from a
misunderstanding of salting. I've forked C:P:A on gitpan and I'll
probably port some (or all) of it to Moose along with my own fix to
this soonish.
> P.P.S. I expect to be uploading a fix for this in the next 24-48 hours for
> anyone who is concerned that evil people in possession of their application
> configuration are generating the relevant rainbow tables right now...
--
Evan Carroll
System Lord of the Internets