Serious bug? Password not being salted after registration

huwhuw
OFFLINE
Posts: 5
Thanks: 1
Karma: 0

10 years 11 months ago #238503 by huwhuw

Serious bug? Password not being salted after registration was created by huwhuw

Hi when a user registers on joomla3.2 via CB 1.9.1 the registration username and password they supplied does not allow them to login.
I checked the jos_users table and sure enough the supplied password for the test user was hashed to md5 but no salt -e.g. fb64dae0fcd9a7ef125618f5552b0f53
An admin has to go in to their profile in the backend and change their password to allow them to login.

How can i ensure CB add the salt to the password on registration?

Please Log in or Create an account to join the conversation.

huwhuw
OFFLINE
Posts: 5
Thanks: 1
Karma: 0

10 years 11 months ago - 10 years 11 months ago #238534 by huwhuw

Replied by huwhuw on topic SOLVED : Serious bug? Password not being salted after registration

Ok the solution to this is to enable strong password encryption on Joomla 3.2
When you install it you get the post installation message:

As a security feature, Joomla 3.2 allows you to switch to strong password encryption.
To turn strong passwords on click on the button below. Alternatively you can edit the User - Joomla plugin and change the strong password setting to On.
Before enabling you should verify that all third party registration/login, user management or bridge extensions installed on your site support this strong password encryption.

Make sure its turned on or CB registration wont work

Last edit: 10 years 11 months ago by huwhuw.

Please Log in or Create an account to join the conversation.

Moderators: beat, nant, krileon