Bug #21335

Knowing the md5 hash of the password, it is possible to gain access to the install tool

Added by Ernesto Baschny almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
-
Start date:
2009-10-22
Due date:
% Done:

0%

TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Solution is to use PHP sessions instead and make these "secure".

Reported by: Bernhard Kraft
Security Team OTRS reference: 2009050410000038
(issue imported from #M12309)


Related issues

Related to TYPO3 Core - Bug #21384: Warning issued on first load of install tool Closed 2009-10-27
Related to TYPO3 Core - Bug #21627: Install tool password not accepted when PHP safe mode is enabled Closed 2009-11-20

History

#1 Updated by Ernesto Baschny almost 10 years ago

Commited to:
trunk (rev.6252 = beta2)
TYPO3_4-2 (rev.6253 = 4.2.10)
TYPO3_4-1 (rev.6254 = 4.1.11)

Also available in: Atom PDF