[buddypress-trac] [BuddyPress Trac] #6111: User can input old password as new
buddypress-trac
noreply at wordpress.org
Mon Jan 12 19:07:43 UTC 2015
#6111: User can input old password as new
--------------------------+------------------------------
Reporter: slaFFik | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Settings | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by r-a-y):
That would require keeping track of passwords.
If we decided to do this, do we keep this as a user meta entry with an
array of the older hashed passwords? This doesn't sound good from a
security standpoint:
http://resources.infosecinstitute.com/wordpress-password-hashes/
The default hashing algorithm can be cracked with brute-force.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6111#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list