TYPO3 Core

In a brand new TYPO3 v9.5.0-dev instance, a BE user with administrator privileges can login, access any function of the Install Tool (e.g. ADMIN TOOLS → Environment → Environment Overview) without explicitly enabling the Install Tool, then logging out from the backend again. At that point, the user can walk away from his/her desk under the assumption that he's fully logged out from the system.

However, this is not the case: by simply entering /typo3/install, the user (or an "evil colleague") can access the Install Tool without further authentication.

I reported a similar issue in earlier versions of TYPO3, which was rejected on the grounds that "Administrators should know that the Install Tool and the TYPO3 backend are two separate things." However, with TYPO3 v9 this system behavior got even worse from a security perspective. Administrator users can't see/feel that these are two different components anymore. On top of that, they don't even need to explicitly enable the Install Tool when logged-in at the backend ("Do you want to create the ENABLE_INSTALL_TOOL file?").

Also, I could not find an option to lock the Install Tool anymore.

Therefore, I decided to put this topic back on the table for re-consideration, because I believe this is bad practice/system design from a security perspective :-)