Bug #21335

Knowing the md5 hash of the password, it is possible to gain access to the install tool

Added by Ernesto Baschny over 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
-
Start date:
2009-10-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Solution is to use PHP sessions instead and make these "secure".

Reported by: Bernhard Kraft
Security Team OTRS reference: 2009050410000038
(issue imported from #M12309)


Related issues

Related to TYPO3 Core - Bug #21384: Warning issued on first load of install toolClosedErnesto Baschny2009-10-27

Actions
Related to TYPO3 Core - Bug #21627: Install tool password not accepted when PHP safe mode is enabledClosed2009-11-20

Actions
#1

Updated by Ernesto Baschny over 11 years ago

Commited to:
trunk (rev.6252 = beta2)
TYPO3_4-2 (rev.6253 = 4.2.10)
TYPO3_4-1 (rev.6254 = 4.1.11)

Also available in: Atom PDF