[wp-trac] [WordPress Trac] #63457: WordPress 6.8 will fail creating bcrypt when entropy sources are not available
WordPress Trac
noreply at wordpress.org
Sat May 17 15:17:27 UTC 2025
#63457: WordPress 6.8 will fail creating bcrypt when entropy sources are not
available
--------------------------+-----------------------------
Reporter: isgroup | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 6.8
Severity: normal | Keywords: bcrypt
Focuses: |
--------------------------+-----------------------------
Regarding to: https://make.wordpress.org/core/2025/02/17/wordpress-6-8
-will-use-bcrypt-for-password-hashing/
If /dev/urandom is not available (for example) the database field will be
set to "$wp", making impossible for users to login.
This may happen in chroots or other container/vm/jail systems.
The error generates is:
[Sat May 17 XXX 2025] [proxy_fcgi:error] [pid XXX] [client XXX] AH01071:
Got error 'PHP message: PHP Warning: password_hash(): Unable to generate
salt in /wp-includes/pluggable.php on line 2709'
But the application does not fail and simply puts "$wp" in the "user_pass"
column.
This happens every time wp_hash_password() is used (user creation, change
password, etc).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63457>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list