Project

General

Profile

Actions

Bug #11167

closed

Insecure default values for user certificates created via User Manager

Added by Jim Pingle about 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
User Manager / Privileges
Target version:
Start date:
12/15/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

When creating a user certificate for a new user under System > User Manager (system_usermanager.php) the default values for Key Length and Digest Algorithm are insecure.

Key Length should default to 2048

Digest Algorithm should default to sha256

This will match the default values on system_certmanager.php.

Actions #1

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Danilo Zrenjanin almost 4 years ago

  • Status changed from Feedback to Resolved

Tested on the latest snapshot.

It looks fine now. When creating a new user certificate under System > User Manager:

The Key Length default value is 2048
The Digest Algorithm default value is sha256

Ticket resolved.

Actions

Also available in: Atom PDF