git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Tue, 6 May 2025 14:10:09 +0000 (16:10 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 7 May 2025 09:01:30 +0000 (09:01 +0000)
commit	6c1549ff7a9c8e3f9f17a29a6b169fce175fea42
tree	c9ba79fb1c1f558987dab29536f22698b0c2822a	tree
parent	c45de047a62d34fcbb2bca252eccf79a439fc3e7	commit \| diff

chpasswd.cgi: Fixes bug12755 - proxy auth password problem longer than 8 chars

- The existing version of the perl module Apache::Htpasswd was using the crypt hash for
   the password hashing, which is very insecure. The only alternative with this module
   is the md5 and sha1 hashes which are also considered weak now.
- The module was last updated in Nov 2012 and there is no alternative module available.
- This patch replaces that perl module with using the apache htpasswd program. This can
   be set to use the bcrypt hash which is considered secure. This is used for the
   generation of the root and admin passwords during the IPFire install.
- Tested out on my vm testbed system and the password for a specific user name was
   changed successfully without any restriction to the length of the password.
- Existing passwords with the existing md5 or crypt options will still work as htpasswd
   can manage different encoding hashes in the one file.

Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>