[wp-trac] [WordPress Trac] #63203: Application Passwords BC Break in 6.8's new hashing
WordPress Trac
noreply at wordpress.org
Thu Apr 3 13:51:46 UTC 2025
#63203: Application Passwords BC Break in 6.8's new hashing
--------------------------------------+--------------------------
Reporter: snicco | Owner: johnbillion
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.8
Component: Application Passwords | Version: trunk
Severity: major | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+--------------------------
Changes (by johnbillion):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"60123" 60123]:
{{{
#!CommitTicketReference repository="" revision="60123"
Application Passwords: Correct the fallback behaviour for application
passwords that don't use a generic hash.
Application passwords that aren't hashed using BLAKE2b should be checked
using `wp_check_password()` rather than assuming they were hashed with
phpass. This provides full back compat support for application passwords
that were created via an overridden `wp_hash_password()` function that
uses an alternative hashing algorithm.
Props snicco, debarghyabanerjee, peterwilsoncc, jorbin, johnbillion.
Fixes #63203
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63203#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list