SS-2016-008: Password encryption salt expiry

Severity: Low
Identifier: ss-2016-008
Versions Affected: 3.1.19, 3.2.4, 3.3.2, 3.4.0
Versions Fixed: 3.1.20, 3.2.5, 3.3.3, 3.4.1
Release Date: 2016-08-15

When a user changes their password, the internal salt used for hashing their password is not updated.

Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password.

Credit to Jono Menz.
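The difference between the old and the improved behaviour described above, as an added Python sketch that is not SilverStripe's own code. The `Account` class, the `reuse_salt` flag, the PBKDF2 parameters and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Account:
    """Hypothetical account record holding a salt and a password hash."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def change_password(self, new_password: str, reuse_salt: bool = False) -> None:
        # reuse_salt=True models the behaviour the advisory describes:
        # the hash is recomputed but the stored salt is left untouched.
        if not reuse_salt:
            self.salt = os.urandom(16)  # improved behaviour: new salt per password
        self.digest = _hash(new_password, self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(candidate, self.salt))


def salt_survives_change(reuse_salt: bool) -> bool:
    """Return True if the salt is unchanged after a password change."""
    acct = Account("constructed-old-password")
    before = acct.salt
    acct.change_password("constructed-new-password", reuse_salt=reuse_salt)
    return acct.salt == before and acct.verify("constructed-new-password")


def revert_reproduces_old_hash(reuse_salt: bool) -> bool:
    """Return True if going back to an earlier password recreates its old hash."""
    acct = Account("constructed-old-password")
    old_digest = acct.digest
    acct.change_password("constructed-new-password", reuse_salt=reuse_salt)
    acct.change_password("constructed-old-password", reuse_salt=reuse_salt)
    return acct.digest == old_digest


if __name__ == "__main__":
    for mode in (True, False):
        print(f"reuse_salt={mode}: salt kept={salt_survives_change(mode)}, "
              f"old hash reproduced={revert_reproduces_old_hash(mode)}")
```

With the salt retained, a stored hash from before a password change can be compared directly against later ones; regenerating the salt on every change makes each stored hash independent of the previous one.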