Affected by GO-2022-0453 and 19 other vulnerabilities

GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

password

package

v2.3.2 Latest Latest Go to latest Published: Mar 23, 2022 License: Apache-2.0 Imports: 3 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func HashPassword(password string) (string, error)
func VerifyPassword(password, hashedPassword string) (valid, stale bool)
type BcryptPasswordHasher
- func (h BcryptPasswordHasher) HashPassword(password string) (string, error)
- func (h BcryptPasswordHasher) VerifyPassword(password, hashedPassword string) bool
type DummyPasswordHasher
- func (h DummyPasswordHasher) HashPassword(password string) (string, error)
- func (h DummyPasswordHasher) VerifyPassword(password, hashedPassword string) bool
type PasswordHasher

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HashPassword ¶

func HashPassword(password string) (string, error)

HashPassword hashes against the current preferred hasher.

func VerifyPassword ¶

func VerifyPassword(password, hashedPassword string) (valid, stale bool)

VerifyPassword verifies an entered password against a hashed password and returns whether the hash is "stale" (i.e., was verified using the FIRST preferred hasher above).

Types ¶

type BcryptPasswordHasher ¶

type BcryptPasswordHasher struct {
	Cost int
}

BcryptPasswordHasher handles password hashing with Bcrypt. Create with `0` as the work factor to default to bcrypt.DefaultCost at hashing time. The Cost field represents work factor.

func (BcryptPasswordHasher) HashPassword ¶

func (h BcryptPasswordHasher) HashPassword(password string) (string, error)

HashPassword creates a one-way digest ("hash") of a password. In the case of Bcrypt, a pseudorandom salt is included automatically by the underlying library. For security reasons, the work factor is always at _least_ bcrypt.DefaultCost.

func (BcryptPasswordHasher) VerifyPassword ¶

func (h BcryptPasswordHasher) VerifyPassword(password, hashedPassword string) bool

VerifyPassword validates whether a one-way digest ("hash") of a password was created from a given plaintext password.

type DummyPasswordHasher ¶

type DummyPasswordHasher struct{}

DummyPasswordHasher is for testing ONLY. DO NOT USE in a production context.

func (DummyPasswordHasher) HashPassword ¶

func (h DummyPasswordHasher) HashPassword(password string) (string, error)

HashPassword creates a one-way digest ("hash") of a password. In the case of Bcrypt, a pseudorandom salt is included automatically by the underlying library.

func (DummyPasswordHasher) VerifyPassword ¶

func (h DummyPasswordHasher) VerifyPassword(password, hashedPassword string) bool

VerifyPassword validates whether a one-way digest ("hash") of a password was created from a given plaintext password.

type PasswordHasher ¶

type PasswordHasher interface {
	HashPassword(string) (string, error)
	VerifyPassword(string, string) bool
}

PasswordHasher is an interface type to declare a general-purpose password management tool.

Source Files ¶

View all Source files

password.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL