Project

General

Profile

Actions
Copy link

Bug #22030

closed

Authentication Bypass in frontend user authentication (sysext:saltedpasswords)

Added by Marcus Krause over 14 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Marcus Krause
Category:
-
Target version:
-
Start date:
2010-01-30
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Knowing a salted hashed password is sufficient to authenticate a Frontend user when using activated sytem extension saltedpassword in the frontend.

Copy a salted hashed password from a FE user record. Make a login attempt with username and this copied salted password hash.

Due to regularily dealing with SQL Injection issues, we obviously want to prevent such bypassing.

Reported by Sven Haertwig

Vulnerable TYPO3 Core versions: 4.3.0, 4.3.1

TYPO3 Security OTRS X-Reference: #2010013010000011
(issue imported from #M13372)

Files

Download all files
0013372.diff (2.72 KB) 0013372.diff Administrator Admin, 2010-01-30 12:17
0013372-v2.diff (2.26 KB) 0013372-v2.diff Administrator Admin, 2010-02-01 16:59

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #51941: Exclusive FE usage flag in configuration has no effectClosed2013-09-12

Actions
Related to TYPO3 Core - Bug #73673: Service chaining impossible with SaltedPasswordServiceClosed2016-02-25

Actions
Actions
Copy link

Also available in: Atom PDF