[Bug]: HASHED_PASSWORD vs SUDO_PASSWORD_HASH; Same hash string provided but only the HASHED_PASSWORD works...
Is there an existing issue for this?
- I have searched the existing issues
OS/Web Information
- Web Browser: Chrome
- Local OS: Windows 10
- Remote OS: Debian 11
- Remote Architecture: amd64
- Local build from Dockerfile.
Steps to Reproduce
- define both hash environment fields to the same value using $$ rather than $ and no enclosing “”
- access web portal and used initial value to log in - successfully
- run `sudo apt update` using the same value - Fails
Expected
Should perform an apt update
Actual
3 attempts then kicks out due to excessive password attempts
Logs
No response
Screenshot/Video
No response
Does this issue happen in VS Code or GitHub Codespaces?
- I cannot reproduce this in VS Code.
- I cannot reproduce this in GitHub Codespaces.
Are you accessing code-server over HTTPS?
- I am using HTTPS.
Notes
No response
Issue Analytics
- State:
- Created a year ago
- Comments: 5 (3 by maintainers)
Top GitHub Comments
Absolutely sorry about the confusion! For what it’s worth I found if I used an openssl hashing algorithm; its output worked in the sudo_hash field but not the one using the argon2-cli hashing like your code server base image uses. P.S. do you have any documentation on doing local builds from a dockerfile on your page? If not there may be some benefit of adding those details; just mentioned since this was tagged as documentation related xD
Ah darn…argon2 has been troublesome these days 😂
I don’t think so 🤔 You could look at this. Haha fair! PRs welcome 😉 (you know better than me what you wish were in the docs)
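Added example (not from the issue or the code-server project): a Python check that reports which hash family each variable holds, following the thread's observation that argon2-cli output worked for HASHED_PASSWORD while only openssl output worked for the sudo hash. The variable-to-family mapping, the Compose-style `$$` unescaping, the function names and the sample hash strings are assumptions constructed for illustration.

```python
import re

# Leading "$id$" field of a modular-format hash string identifies the scheme.
ARGON2_IDS = {"argon2i", "argon2d", "argon2id"}  # PHC strings, e.g. from argon2-cli
CRYPT_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}  # openssl passwd -1/-5/-6
# Assumption taken from the thread: the hash family each variable accepted.
EXPECTED = {"HASHED_PASSWORD": "argon2", "SUDO_PASSWORD_HASH": "crypt"}


def compose_unescape(raw):
    """Undo Compose-style escaping: '$$' in the file becomes a literal '$'."""
    return raw.replace("$$", "$")


def classify(hash_string):
    """Return (family, scheme) for a '$id$...' hash, or ('unknown', id-or-None)."""
    m = re.match(r"^\$([A-Za-z0-9-]+)\$.+", hash_string)
    if not m:
        return ("unknown", None)
    ident = m.group(1)
    if ident in ARGON2_IDS:
        return ("argon2", ident)
    if ident in CRYPT_IDS:
        return ("crypt", CRYPT_IDS[ident])
    return ("unknown", ident)


def check_env(env):
    """Map each known variable to None if its hash family fits, else a message."""
    report = {}
    for name, want in EXPECTED.items():
        if name not in env:
            continue
        family, scheme = classify(compose_unescape(env[name]))
        if family == want:
            report[name] = None
        else:
            report[name] = f"{name}: found {scheme or 'unrecognised'} hash, expected {want} family"
    return report


# Constructed sample values (not real hashes), written with '$$' escaping.
ARGON2 = "$$argon2i$$v=19$$m=4096,t=3,p=1$$c2FtcGxlc2FsdA$$Y29uc3RydWN0ZWQtZXhhbXBsZQ"
SHA512 = "$$6$$samplesalt$$constructedExampleDigestNotARealHash"

if __name__ == "__main__":
    for var, msg in check_env({"HASHED_PASSWORD": ARGON2, "SUDO_PASSWORD_HASH": ARGON2}).items():
        print(var, "->", msg or "ok")
```

The check only inspects the format prefix; it does not verify that the hash matches any password.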