Hashing the passwords (Do not store in clear text)

Submitted by -
Status: Implemented

Please don't store the passwords (admin/user/...) in clear text (if anybody manages to get into the machine hosting the controller, people will have a leak).

Passwords should be salted and hashed, and the password reset functionality could be done through a script that will simply set a new password in the database.

Comments
by
on ‎07-09-2015 07:23 AM

 Seriously?   You're worried about someone getting the passwords once they've already hacked your controller to get into the database?  That's like complaining that I can change the passwords on your server if I'm already logged in as root - if that happens, it's already too late and password hashing is the least of  your problems...

Jim

by
‎07-09-2015 07:27 AM - edited ‎07-10-2015 12:09 AM

Why root?

 

1. Its also in the backup of the server .. that could be on an other server

2. try /usr/bin/mongo --port 27117

 

And maybe the user uses the password also on an other server (sure not good, but common) it is really bad coding to not salt and hash a password.

 

ps: If you want to know how to get the password - take a look at http://robert.penz.name/1114/looking-for-a-way-to-change-an-email-address-and-found-clear-text-admin...

 

 

by
on ‎01-15-2016 01:14 PM

Was this ever changed?

by
on ‎01-17-2016 08:52 PM

@UBNT-Cody,


Since you were the last UBNT employee to comment on this, I figured you'd be the best person to ask...

 

As @bw1 has also asked, has this feature request been fulfilled?

 

 

Mark H

by Ubiquiti Employee
on ‎01-17-2016 09:22 PM

It's being worked on.  Will be in Alpha soon.  The GA release of 4.8.X is currently blocking it.

 

Once that is out, this will be on the hit list.

 

Best Regards,

Brandon

by
‎01-18-2016 01:19 AM - edited ‎01-18-2016 01:19 AM

@eejim "You're worried about someone getting the passwords once they've already hacked your controller to get into the database?"

Yes, I am, because getting into the controller or the database does not necessarily mean that the intruder has the passwords listed in the controller database. Getting those passwords however may allow the intruder access to even more systems! (Not in my case since I use different randomised passwords everywhere, but not everybody will have that safety in place.)

 

"That's like complaining that I can change the passwords on your server if I'm already logged in as root"

No, it isn't. Being able to change the passwords on the system once you've become root is unavoidable. Being able to (easily) retrieve the actual password value is, by salting and hashing the password as described. (Windows, Linux and MacOS do this for their user credential stores for that exact reason.)

 

@UBNT-Brandon Awesome! Let me know if you need somebody to test it (password reset, ...).

by Ubiquiti Employee
on ‎03-18-2016 08:58 PM
Status changed to: Accepted
 
by Ubiquiti Employee
on ‎03-18-2016 08:59 PM

This is now in Beta.

by
on ‎03-19-2016 03:02 AM
Thanks for the heads up. I already tested it in alpha and it's perfect (can't get much better than salted SHA512).
by Ubiquiti Employee
on ‎03-19-2016 08:37 AM
Awesome; thanks!