SS-2016-008: Password encryption salt expiry
- Severity: Low
- Identifier: ss-2016-008
- Versions Affected: 3.1.19, 3.2.4, 3.3.2, 3.4.0
- Versions Fixed: 3.1.20, 3.2.5, 3.3.3, 3.4.1
- Release Date: 2016-08-15
When a user changes their password, the internal salt used for hashing their password is not updated.
Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password.
Credit to Jono Menz.
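The difference between keeping and resetting the salt on a password change, as an added example that is not SilverStripe's code. The `Account` class, its method names, the PBKDF2 parameters and the sample passwords are assumptions made for illustration. With a kept salt, a user who reverts to an earlier password ends up with a stored hash identical to the old one, while a fresh salt makes every stored hash unrelated to the previous ones.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed value for this example


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Account:
    """Hypothetical account record holding a per-user salt and password hash."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.password_hash = _hash(password, self.salt)

    def verify(self, password):
        return hmac.compare_digest(self.password_hash, _hash(password, self.salt))

    def change_password_keep_salt(self, new_password):
        # Behaviour described in the advisory: the hash changes, the salt does not.
        self.password_hash = _hash(new_password, self.salt)

    def change_password_reset_salt(self, new_password):
        # Improved behaviour: draw a fresh random salt on every password change.
        self.salt = secrets.token_bytes(16)
        self.password_hash = _hash(new_password, self.salt)


def salt_and_hash_history(change_method_name, passwords):
    """Return the (salt, hash) pair stored after each password in the sequence."""
    account = Account(passwords[0])
    history = [(account.salt, account.password_hash)]
    for pw in passwords[1:]:
        getattr(account, change_method_name)(pw)
        if not account.verify(pw):
            raise RuntimeError("stored hash does not verify the new password")
        history.append((account.salt, account.password_hash))
    return history


if __name__ == "__main__":
    seq = ["first-Passw0rd", "second-Passw0rd", "first-Passw0rd"]  # constructed
    for name in ("change_password_keep_salt", "change_password_reset_salt"):
        h = salt_and_hash_history(name, seq)
        print(name, "| distinct salts:", len({s for s, _ in h}),
              "| revert reproduces old hash:", h[0][1] == h[2][1])
```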