Details
- Improvement
- Resolution: Done
- High
- 5.4.10, 1.7.5, 2017.10, 1.12.0
- None
Description
Both new stack and legacy default to MD5 if the hash type is not recognised, with no warning.
We should throw an exception here, or (legacy) default to PASSWORD_HASH_PHP_DEFAULT, a.k.a. bcrypt, and log an error.
Issue Links
- discovered while testing EZP-24744 Increase password security (Closed)
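
The fallback described in this ticket, next to the two proposed fixes, as an added example that is not the project's own code. The function names, the `PASSWORD_HASH_MD5` constant, the numeric constant values and the unsalted `md5()` call are assumptions made for illustration; only the name `PASSWORD_HASH_PHP_DEFAULT` comes from the ticket.

```php
<?php
declare(strict_types=1);

// Constructed identifiers for this example. Only the name PASSWORD_HASH_PHP_DEFAULT
// appears in the ticket; the numeric values are assumptions.
const PASSWORD_HASH_MD5 = 1;
const PASSWORD_HASH_PHP_DEFAULT = 7;

// Behaviour the ticket reports: an unrecognised type silently becomes MD5.
function createHashFailOpen(string $password, int $type): string
{
    switch ($type) {
        case PASSWORD_HASH_PHP_DEFAULT:
            return password_hash($password, PASSWORD_DEFAULT);
        default:
            return md5($password);
    }
}

// Proposed behaviour: throw on an unrecognised type, or (legacy mode)
// log an error and fall back to the PHP default algorithm.
function createHashFailClosed(string $password, int $type, bool $legacy = false): string
{
    switch ($type) {
        case PASSWORD_HASH_PHP_DEFAULT:
            return password_hash($password, PASSWORD_DEFAULT);
        case PASSWORD_HASH_MD5:
            return md5($password); // reachable only when MD5 is requested explicitly
        default:
            if (!$legacy) {
                throw new InvalidArgumentException("Unrecognised password hash type: {$type}");
            }
            error_log("Unrecognised password hash type {$type}; using PHP default");
            return password_hash($password, PASSWORD_DEFAULT);
    }
}

// Constructed input: 42 matches no known hash type.
$weak = createHashFailOpen('example-password', 42);
echo password_get_info($weak)['algoName'], "\n";

$safe = createHashFailClosed('example-password', 42, true);
echo password_get_info($safe)['algoName'], "\n";

try {
    createHashFailClosed('example-password', 42);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

`password_get_info()` reports the algorithm of each stored value, so the same call can be used to audit existing records for hashes that were not produced by `password_hash()`.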