[Koha-bugs] [Bug 33352] Password sent by message (accdetails) without decryption

bugzilla-daemon at bugs.koha-community.org
Wed Mar 29 01:24:16 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33352

David Cook <dcook at prosentient.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcook at prosentient.com.au
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
Blowfish isn't an encryption algorithm; it's a hashing algorithm. It computes
data only in one direction. You can't reverse the password hash without trying
to hack/crack it.

So the problem here isn't "the password is sent without being [decrypted]". The
problem is that the password hash is being sent instead of the cleartext
password. However, you shouldn't be sending out cleartext passwords by email.

That's why in Koha 21.11.05, due to bug 27812, you can no longer send out
cleartext passwords using ACCTDETAILS.
