Bug #15062
closed
Encryption key revealed in indexed search results
0%
Description
the value of the encryptionKey shows up in search results.
It seems that the encryptionKey only shows up with cHash.
(issue imported from #M1616)
Updated by Michael Stucki about 19 years ago
Which version are you using? I'm pretty sure this has been fixed in 3.8.0.
Updated by Christian J¼rges about 19 years ago
typo3 version 3.8.
Version is index_search 2.1.3. (Local)
Have a look here:
http://www.srg.xwave.ch/
Search for "wemf"...
First hit contains the encryption key.
http://www.srg.xwave.ch/125.0.html?&L=0&L=0&encryptionKey=<secret>&tx_ttnews[backPid]=8&tx_ttnews[tt_news]=462&cHash=445d6f8aa8
Probably you are right. As the project started, we still used 3.7. Later we made the upgrade to 3.8. But the indexed_search extension is probably still from 3.7...
Updated by Christian J¼rges about 19 years ago
yes, you are right. I removed the 3.7 version and activated the 3.8 global version and the problem was gone...
What's a little bit confusing. Why have these different versions the same version number 2.1.3 ?
Sorry for any inconvenience...
Updated by Michael Stucki about 19 years ago
I can't look at this right now but since this might be security related, I'll change this bug to private.
Updated by Michael Stucki about 19 years ago
Ummm, I think I should have read the 2nd comment before starting to act! ;-)
Good to know it's not an issue.