Bug #21335

Knowing the md5 hash of the password, it is possible to gain access to the install tool

Added by Ernesto Baschny over 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
-
Start date:
2009-10-22
Due date:
% Done:

0%

TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Solution is to use PHP sessions instead and make these "secure".

Reported by: Bernhard Kraft
Security Team OTRS reference: 2009050410000038
(issue imported from #M12309)


Related issues

Related to TYPO3 Core - Bug #21384: Warning issued on first load of install tool Closed 2009-10-27
Related to TYPO3 Core - Bug #21627: Install tool password not accepted when PHP safe mode is enabled Closed 2009-11-20

History

#1 Updated by Ernesto Baschny over 10 years ago

Commited to:
trunk (rev.6252 = beta2)
TYPO3_4-2 (rev.6253 = 4.2.10)
TYPO3_4-1 (rev.6254 = 4.1.11)

Also available in: Atom PDF