9835e2b Ticket 49027 - on secfailure do not store cleartext password content

Authored and Committed by William Brown 5 years ago
    Ticket 49027 - on secfailure do not store cleartext password content
    
    Bug Description:  During development of the pbkdf2 module, I noticed that when
    the backend was unable to hash the password content, the password was stored as
    {CLEAR}<password> into the database. This may be considered a leak of password
    material as we write it clear text to disk.
    
    Fix Description:  If the pw_enc callback from the password module returns any
    value except 0, we return an unwilling to perform, and generate an error to the
    error log. This prevents the leak, and notifies the admin and user of the
    issue quickly.
    
    https://fedorahosted.org/389/ticket/49027
    
    Author: wibrown
    
    Review by: nhosoi (Thanks!)
    
        
file modified
+5 -1
file modified
+5 -1
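The fail-closed behaviour described in the fix, shown next to the cleartext fallback it replaces. This is an added C example, not the project's code: the callback type, function names and sample schemes are hypothetical, and the "before" function is a simplified model of the behaviour the bug description reports.

```c
#include <stdio.h>
#include <string.h>

enum { RC_SUCCESS = 0, RC_UNWILLING_TO_PERFORM = 53 }; /* LDAP result codes */

/* Hypothetical stand-in for a storage-scheme pw_enc callback: 0 = success. */
typedef int (*pw_enc_fn)(const char *pw, char *out, size_t outlen);

/* Constructed scheme that succeeds; "{DEMO}" is a placeholder, not a real hash. */
int enc_ok(const char *pw, char *out, size_t outlen) {
    (void)pw;
    int n = snprintf(out, outlen, "{DEMO}placeholder-digest");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed scheme that always fails, e.g. the crypto backend is unavailable. */
int enc_fail(const char *pw, char *out, size_t outlen) {
    (void)pw; (void)out; (void)outlen;
    return -1;
}

/* Before (simplified model of the bug): a hashing failure falls back to cleartext. */
int store_password_before(pw_enc_fn enc, const char *pw, char *stored, size_t len) {
    if (enc(pw, stored, len) != 0)
        snprintf(stored, len, "{CLEAR}%s", pw);  /* password material reaches disk */
    return RC_SUCCESS;
}

/* After: any nonzero return rejects the write, logs, and stores nothing. */
int store_password_after(pw_enc_fn enc, const char *pw, char *stored, size_t len) {
    if (len == 0) return RC_UNWILLING_TO_PERFORM;
    stored[0] = '\0';
    if (enc(pw, stored, len) != 0) {
        stored[0] = '\0';  /* discard any partial output from the failed scheme */
        fprintf(stderr, "ERR: password scheme could not hash value; write refused\n");
        return RC_UNWILLING_TO_PERFORM;
    }
    return RC_SUCCESS;
}

int main(void) {
    char buf[64];
    int rc = store_password_before(enc_fail, "s3cret", buf, sizeof buf);
    printf("before: rc=%d stored=\"%s\"\n", rc, buf);
    rc = store_password_after(enc_fail, "s3cret", buf, sizeof buf);
    printf("after:  rc=%d stored=\"%s\"\n", rc, buf);
    return 0;
}
```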