FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- cleartext passwords

Affected packages
ikiwiki < 2.48


VuXML ID 90db9983-2f53-11dd-a0d8-0016d325a0ed
Discovery 2008-05-30
Entry 2008-06-01

The ikiwiki development team reports:

Until version 2.48, ikiwiki stored passwords in cleartext in the userdb. That risks exposing all users' passwords if the file is somehow exposed. To pre-emtively guard against that, current versions of ikiwiki store password hashes (using Eksblowfish).