Project

General

Profile

Actions

Bug #22328

closed

wrong md5-hash of md5.js, frontend-, backend-login

Added by Sebastian over 13 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2010-03-25
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
4.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The md5-calculation produces wrong, it belongs to the used characters.

Following characters produces this failure:
äöüÄÖܧáÁ and many more.
These characters are not forbidden.

The md5.js is also used to send the backend-password.

Due the failure of md5.js it could be easier to descend the password-algorythm.

Following characters are availible:
01234567890123456789012345678901!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ [\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
All other characters produces a wrong hash.

As fe-users want to change their password, I've noticed this problem in affinity with Issue #0012206.

It's not possible to replace the md5.js simple.
All hashed passwords are written in the wrong md5-code, that means, all users have to retype their password on login or have to receive automatically a new password...

See:
http://www.typo3.net/index.php?id=13&action=list_post&tid=70355&page=2%29
language: german, the problem occurs on usernames with specialchars/umlauts.

Attached is the old md5.js and a new one with no failure.
(issue imported from #M13917)


Files

md5.zip (4.97 KB) md5.zip Administrator Admin, 2010-03-25 18:36

Related issues 4 (0 open4 closed)

Related to TYPO3 Core - Bug #22187: rsaauth doesn't work with special characters (like ä ü ö § ) in passwordClosedChristian Kuhn2010-02-25

Actions
Related to TYPO3 Core - Bug #14256: special characters in username not checkedClosedSteffen Gebert2004-07-28

Actions
Related to TYPO3 Core - Task #30799: Make sure md5.js is allowed to be shipped with TYPO3ClosedXavier Perseguers2011-10-11

Actions
Is duplicate of TYPO3 Core - Bug #17422: FE-login doesn't workClosed2007-06-28

Actions
Actions #1

Updated by Marcus Krause over 13 years ago

set view state to public as it is a known (& unfortunately still unresolved) problem

Actions #2

Updated by Sebastian over 13 years ago

I think it's related to #0005865:
- if the md5.js always returns the hash, the hash should be always the same.
It seems, in #0005865 the md5-hash was created by md5.js and (!) the serverside md5.

The interaction between md5.js and serverside md5 isn't typically typo3 and isn't a matter of this issue, because the password-hash should be only calculated on clientside.

Actions #3

Updated by Chris topher over 13 years ago

Here is another md5 script: http://www.webtoolkit.info/javascript-md5.html
It should work.

Actions #4

Updated by Stefan Neufeind about 12 years ago

  • % Done changed from 0 to 50

We tried the one from webtoolkit.info. Works like a charme.

Do we need to worry about licensing in this case? (I guess so.)
Or could we simply exchange it by a commit?

The current MD5-implementation is done "fundamentally different", so it's not like adding one more line to the existing one or so. (The one from webtoolkit.info is even quite a bit shorter :-))

Actions #5

Updated by Mr. Hudson about 12 years ago

Patch set 1 of change I8f71673f60f22e39862ca2a447f496159b8079bb has been pushed to the review server.
It is available at http://review.typo3.org/5665

Actions #6

Updated by Mr. Hudson about 12 years ago

Patch set 2 of change I8f71673f60f22e39862ca2a447f496159b8079bb has been pushed to the review server.
It is available at http://review.typo3.org/5665

Actions #7

Updated by Xavier Perseguers about 12 years ago

  • Status changed from New to Under Review
  • Target version changed from 4.6.0 to 4.6.0-RC1
Actions #8

Updated by Mr. Hudson about 12 years ago

Patch set 1 of change I3b75a14403791bb9aa2cb26972ac95fa74d74db2 has been pushed to the review server.
It is available at http://review.typo3.org/5691

Actions #9

Updated by Mr. Hudson about 12 years ago

Patch set 1 of change Ib7b983340f2fd82698fd48967c0be61a8fc822b8 has been pushed to the review server.
It is available at http://review.typo3.org/5692

Actions #10

Updated by Stefan Neufeind about 12 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 50 to 100
Actions #11

Updated by Ernesto Baschny almost 12 years ago

  • Target version changed from 4.6.0-RC1 to 4.5.11
Actions #12

Updated by Riccardo De Contardi about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF