Bug #11167

Insecure default values for user certificates created via User Manager

Added by Jim Pingle 4 months ago. Updated 4 months ago.

Status: Resolved
Priority: High
Assignee: -
Category: User Manager / Privileges
Target version:
Start date: 12/15/2020
Due date:
% Done: 100%
Estimated time:
Affected Version: All
Affected Architecture:
Release Notes: Default

Description

When creating a user certificate for a new user under System > User Manager (system_usermanager.php) the default values for Key Length and Digest Algorithm are insecure.

Key Length should default to 2048

Digest Algorithm should default to sha256

This will match the default values on system_certmanager.php.

Associated revisions

Revision 293c7335 (diff)
Added by Jim Pingle 4 months ago

Use stronger cert defaults when creating a user cert. Fixes #11167

History

#1 Updated by Jim Pingle 4 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Danilo Zrenjanin 4 months ago

  • Status changed from Feedback to Resolved

Tested on the latest snapshot.

It looks fine now. When creating a new user certificate under System > User Manager:

The Key Length default value is 2048
The Digest Algorithm default value is sha256

Ticket resolved.
