Changes between Version 1 and Version 2 of Ticket #34661


Timestamp: Jun 16, 2023, 12:18:32 PM (12 months ago)
Author: Fatih Erikli

  • Ticket #34661 – Description

    v1 v2  
    2525
    2626There is one more element needed for hashing the password, **pepper**, should be django project specific. Even when a database is exposed, the attacker will not be able to lookup the known passwords, since they don't have the secret pepper key.
    27 
    28 This causes CWE-760: Use of a One-Way Hash with a Predictable Salt [https://cwe.mitre.org/data/definitions/760.html].
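Review bot: the CWE-760 reference on line 28 does not match the paragraph on line 26. The title quoted there concerns a predictable salt, while line 26 is about a missing pepper, a separate project-specific secret. Suggest stating the threat model from line 26 directly (database exposed, pepper key not exposed) rather than tying the request to CWE-760, and saying where the pepper would be stored so that the "they don't have the secret pepper key" assumption can be evaluated.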