[wp-trac] [WordPress Trac] #63203: Application Passwords BC Break in 6.8's new hashing
WordPress Trac
noreply at wordpress.org
Thu Apr 3 14:37:03 UTC 2025
#63203: Application Passwords BC Break in 6.8's new hashing
-------------------------------------------------+-------------------------
Reporter: snicco | Owner:
| johnbillion
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.8
Component: Application Passwords | Version: trunk
Severity: major | Resolution: fixed
Keywords: has-patch has-unit-tests dev- | Focuses:
reviewed |
-------------------------------------------------+-------------------------
Changes (by johnbillion):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"60125" 60125]:
{{{
#!CommitTicketReference repository="" revision="60125"
Application Passwords: Correct the fallback behaviour for application
passwords that don't use a generic hash.
Application passwords that aren't hashed using BLAKE2b should be checked
using wp_check_password() rather than assuming they were hashed with
phpass. This provides full back compat support for application passwords
that were created via an overridden wp_hash_password() function that uses
an alternative hashing algorithm.
Reviewed by audrasjb.
Merges [60123] into the 6.8 branch.
Props snicco, debarghyabanerjee, peterwilsoncc, jorbin, johnbillion.
Fixes #63203
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63203#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list