Project

General

Profile

Actions

Bug #21335

closed

Knowing the md5 hash of the password, it is possible to gain access to the install tool

Added by Ernesto Baschny over 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
-
Start date:
2009-10-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Solution is to use PHP sessions instead and make these "secure".

Reported by: Bernhard Kraft
Security Team OTRS reference: 2009050410000038
(issue imported from #M12309)


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #21384: Warning issued on first load of install toolClosedErnesto Baschny2009-10-27

Actions
Related to TYPO3 Core - Bug #21627: Install tool password not accepted when PHP safe mode is enabledClosed2009-11-20

Actions
Actions #1

Updated by Ernesto Baschny over 14 years ago

Commited to:
trunk (rev.6252 = beta2)
TYPO3_4-2 (rev.6253 = 4.2.10)
TYPO3_4-1 (rev.6254 = 4.1.11)

Actions

Also available in: Atom PDF