-
Improvement
-
Resolution: Fixed
-
Blocker
-
4.3
-
MOODLE_403_STABLE
-
MOODLE_403_STABLE
-
master_
MDL-79134 -
-
1
-
Team Hedgehog 2023 Sprint 3.1
-
Small
MDL-67390 introduces updated password hashing to use SHA-512 algorithm. As part of the upgrade step in this issue any remaining md5 hashes in the Moodle database are replaced with a randomly generated SHA-512 has.
However, by setting the $CFG->includeuserpasswordsinbackup someone could have a (very) legacy backup file containing an md5 password. Restoring this backup would introduce md5 hashes back into the database.
Because these users won't be able to login unless they reset their password anyway, we should protect against md5 hashes being added to the DB.
- is blocked by
-
MDL-67390 Update password hashing to SHA-512
- Closed