Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-5048ED45-B0F1-11ED-AB04-9106B1B896DD: gitea -- password hash quality



Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 02/14/2022
Created: 02/22/2023
Added: 02/21/2023
Modified: 02/21/2023

Description

The Gitea team reports:

This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters.

In addition, it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little stronger.

Add command to bulk set must-change-password

As part of administration, sometimes it is appropriate to forcibly tell users to update their passwords.

This PR creates a new command gitea admin user must-change-password which will set the MustChangePassword flag on the provided users.
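The report above describes two things an administrator gains: the ability to set the password hashing parameters, and a stronger default for pbkdf2. The added example below (written for this page; it is not Gitea's code and the advisory does not describe Gitea's implementation) shows why the parameters have to be stored alongside each hash once they become configurable: a verifier must honour the setting that was in force when a hash was written, and a login path can detect hashes that fall below the current policy and re-hash them. It assumes PBKDF2-HMAC-SHA256 and uses constructed, illustrative iteration counts and salt lengths, not Gitea's values.

```python
import base64
import hashlib
import hmac
import os

# Constructed parameter sets (illustrative placeholders, not Gitea's values):
# a weak legacy setting and the strengthened setting an administrator picks.
LEGACY_PARAMS = {"iterations": 1_000, "salt_len": 8, "key_len": 32}
STRONG_PARAMS = {"iterations": 100_000, "salt_len": 16, "key_len": 32}

ALGO = "pbkdf2"
DIGEST = "sha256"  # assumed digest for this example


def hash_password(password, params, salt=None):
    """Return a self-describing hash string: algo$digest$iters$salt$dk.

    Embedding the parameters lets verify_password() honour whatever setting
    was in force when the hash was written, and lets needs_rehash() detect
    hashes that are weaker than the current policy.
    """
    if salt is None:
        salt = os.urandom(params["salt_len"])
    dk = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt,
                             params["iterations"], dklen=params["key_len"])
    # base64 never contains '$', so it is safe as a field separator
    return "$".join([
        ALGO, DIGEST, str(params["iterations"]),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def parse_hash(stored):
    """Split a stored hash back into its parameters and raw bytes."""
    algo, digest, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != ALGO:
        raise ValueError("unsupported algorithm: " + algo)
    return {
        "digest": digest,
        "iterations": int(iters),
        "salt": base64.b64decode(salt_b64),
        "dk": base64.b64decode(dk_b64),
    }


def verify_password(password, stored):
    """Recompute with the parameters recorded in the hash, compare safely."""
    p = parse_hash(stored)
    candidate = hashlib.pbkdf2_hmac(p["digest"], password.encode("utf-8"),
                                    p["salt"], p["iterations"], dklen=len(p["dk"]))
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(candidate, p["dk"])


def needs_rehash(stored, policy):
    """True if the stored hash is weaker than the administrator's policy."""
    p = parse_hash(stored)
    return (p["iterations"] < policy["iterations"]
            or len(p["salt"]) < policy["salt_len"]
            or len(p["dk"]) < policy["key_len"])


def login_and_upgrade(password, stored, policy):
    """Verify the password; if it is correct and the stored hash is below
    policy, return a fresh hash under the current policy so it can be saved.
    Returns (ok, hash_to_store)."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, policy):
        return True, hash_password(password, policy)
    return True, stored


if __name__ == "__main__":
    legacy = hash_password("correct horse battery staple", LEGACY_PARAMS)
    ok, upgraded = login_and_upgrade("correct horse battery staple",
                                     legacy, STRONG_PARAMS)
    print("login ok:", ok)
    print("legacy hash below policy:", needs_rehash(legacy, STRONG_PARAMS))
    print("upgraded hash below policy:", needs_rehash(upgraded, STRONG_PARAMS))
```

The upgrade can only happen at login, because the plaintext is needed to compute the new hash; this is the gap a bulk must-change-password command closes for accounts that never log in again.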

Solution(s)

  • freebsd-upgrade-package-gitea
