The password storage vulnerability is not fixed. Passwords are not being hashed by Argon2 correctly.
Ensure the Argon2 hashing function is being called correctly. See the Remediation step for specific code examples on how to call the function; ensure the arguments you are providing are the correct type. Verify that you are inserting the hash into the
password column within the
Register a new user and look at the User Registry tab. If you are calling the hashing function correctly, the password column should contain a hash that looks similar to this:
Ensure the different parts that make up the hash string are the expected values:
Variation should be
Memory cost should be
Time cost should be
If any of these values do not match what you see in the password column, examine your
register function for bugs.