Hacker News new | ask | show | jobs
by madsbuch 1214 days ago
Again, not necessarily. This depends on the hashing scheme you use. Eg. if setting a correct password hash relies on you having access to private keys.
1 comments
bawolff 1214 days ago
No it does not.

Either you allow bcrypt hashes, or this bug is inapplicable. If you are encrypting your hashes or something, then this bug cannot be leveraged.

link
madsbuch 1210 days ago
Yes, for this very specific bug. This thread taked about having access to the database as a general attack vector.
link