Changes between Initial Version and Version 1 of Ticket #34661
- Timestamp: Jun 16, 2023, 12:15:21 PM (17 months ago)
Ticket #34661 – Description
initial v1 26 26 There is one more element needed for hashing the password, **pepper**, should be django project specific. Even when a database is exposed, the attacker will not be able to lookup the known passwords, since they don't have the secret pepper key. 27 27 28 Is this a known issue? 28 This causes CWE-760: Use of a One-Way Hash with a Predictable Salt [https://cwe.mitre.org/data/definitions/760.html].
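Review bot: the new line 28 classifies the issue as CWE-760 (Use of a One-Way Hash with a Predictable Salt), but the unchanged line 26 argues for a missing project-specific pepper, and nothing in the visible text says the salt is predictable. The description should either state what makes the salt predictable or describe the gap as the absence of a secret pepper rather than as a salt weakness. The change also drops the question "Is this a known issue?" in favour of an assertion, so the ticket now states a weakness classification without showing the evidence for it.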