Project

General

Profile

Actions
Copy link

Bug #21335

closed

Knowing the md5 hash of the password, it is possible to gain access to the install tool

Added by Ernesto Baschny about 15 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Ernesto Baschny
Category:
-
Target version:
-
Start date:
2009-10-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Solution is to use PHP sessions instead and make these "secure".

Reported by: Bernhard Kraft
Security Team OTRS reference: 2009050410000038
(issue imported from #M12309)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #21384: Warning issued on first load of install toolClosedErnesto Baschny2009-10-27

Actions
Related to TYPO3 Core - Bug #21627: Install tool password not accepted when PHP safe mode is enabledClosed2009-11-20

Actions
Actions
Copy link
 #1

Updated by Ernesto Baschny about 15 years ago

Commited to:
trunk (rev.6252 = beta2)
TYPO3_4-2 (rev.6253 = 4.2.10)
TYPO3_4-1 (rev.6254 = 4.1.11)

Actions
Copy link

Also available in: Atom PDF