Summary
Authentication/signature logic relied on MD5/SHA1 defaults in multiple ACL/auth flows.
Severity
High
Affected Files
cmdb-api/api/models/acl.py, cmdb-api/api/lib/http_cli.py, cmdb-api/api/lib/perm/acl/acl.py, cmdb-api/api/lib/perm/acl/app.py
Recommended Remediation
Move defaults to bcrypt/SHA-256 while keeping legacy compatibility checks to avoid breaking existing integrations.
Patch Branch
codex/sec-auth-hash-upgrade
Patch Commit
c858f90
Fork Branch URL
https://github.com/lhy8888/cmdb-security-fork/tree/codex/sec-auth-hash-upgrade
Summary
Authentication/signature logic relied on MD5/SHA1 defaults in multiple ACL/auth flows.
Severity
High
Affected Files
cmdb-api/api/models/acl.py, cmdb-api/api/lib/http_cli.py, cmdb-api/api/lib/perm/acl/acl.py, cmdb-api/api/lib/perm/acl/app.py
Recommended Remediation
Move defaults to bcrypt/SHA-256 while keeping legacy compatibility checks to avoid breaking existing integrations.
Patch Branch
codex/sec-auth-hash-upgrade
Patch Commit
c858f90
Fork Branch URL
https://github.com/lhy8888/cmdb-security-fork/tree/codex/sec-auth-hash-upgrade