Bug #23338

closed

felogin, rsaauth, saltedpassword and Internet Explorer 8 (IE) Password Manager

Added by Jan Schreier almost 14 years ago. Updated over 10 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2010-08-02
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.4
PHP Version: 5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When using rsaauth the password gets decrypted with JavaScript before the password manager saves the password. Thus the saved password is the RSAed value. Next time the user tries to log in it fails because the RSAed value is posted and RSAed a 2nd time.

In Firefox (4 beta 2) I had more trouble reproducing the error. I searched quite a bit but could not find a solution/explanation for this issue.

(issue imported from #M15330)


Files

felogin_workaround.txt (993 Bytes), Administrator Admin, 2010-11-23 14:58

Actions #1

Updated by Jens Neumann over 13 years ago

I can confirm this Bug for
- TYPO3 Version 4.4.2
- rsaauth 1.0.0
- saltedpasswords 1.0.0
- IE 8

Error Message from IE: "Message too long for RSA"
Looks similar to the MD5 problem with md5.js, but I can't locate the proper JS.

Any ideas?

Actions #2

Updated by Gernot Brandner over 13 years ago

IE saves passwords after onsubmit() is executed, thus it saves the encrypted password. The encrypted password seems to be too long to be encrypted again.

In FF (and perhaps most other browsers) the password is saved before onsubmit() is executed.

I wrote a little workaround (felogin_workaround.txt). (The javascript uses jQuery)
It isn't a real fix for IE, because with this workaround no password (empty string) is saved.

Actions #3

Updated by Michael Voehringer over 13 years ago

I can reproduce this bug with Safari 5.0.3 (Mac) and TYPO3 4.4.6.

Actions #5

Updated by Nicole Cordes over 10 years ago

  • Category deleted (Communication)
  • Status changed from New to Closed
  • Target version deleted (0)

As saving the encrypted key isn't supported due to expiring OpenSSL keys anyway, this issue gets closed.

Actions #6

Updated by Bernhard Eckl over 10 years ago

I can confirm this issue! TYPO3 4.7, sysext felogin, IE8 (other IEs not tested, I think it applies to all versions). Please reopen this issue!

@Nicole Cordes: Nobody wants to save an encrypted password, please read the issue carefully next time before you just close them unresolved.
@Michael Voehringer: Thanks a lot for your workaround! I wrote a ts condition to have another template just for IE and integrated the workaround there.

This should be solved in function tx_rsaauth_feencrypt()
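
The submit-order problem described in comment #2, as an added example that is not part of the issue or of TYPO3's code: a small JavaScript model of two consecutive logins with a password manager. `fakeRsaEncrypt`, the 1024-bit key size, the base64 ciphertext length and the hidden-field variant are assumptions made for illustration.

```javascript
// Constructed model, not TYPO3 code: a login form whose submit handler
// encrypts the password, and a browser password manager that saves it.
const KEY_BYTES = 128;             // assumption: 1024-bit RSA modulus
const MAX_PLAIN = KEY_BYTES - 11;  // PKCS#1 v1.5 limit on message length

// Stand-in for the RSA step. It enforces the real length limit and returns
// a string as long as the base64 ciphertext; it does no cryptography.
function fakeRsaEncrypt(plain) {
  if (plain.length > MAX_PLAIN) throw new Error('Message too long for RSA');
  return 'A'.repeat(Math.ceil(KEY_BYTES / 3) * 4);
}

// saveAfterSubmit: manager reads the field after onsubmit (IE 8, comment #2).
// inPlace: handler overwrites the visible field (the reported behaviour).
// inPlace=false is a hypothetical variant: the ciphertext goes to a hidden
// field, and the visible field has no name attribute so it is never posted.
function submitLogin(typed, manager, { saveAfterSubmit, inPlace }) {
  const form = { pass: manager.saved !== null ? manager.saved : typed, hidden: null };
  if (!saveAfterSubmit) manager.saved = form.pass;
  const cipher = fakeRsaEncrypt(form.pass);           // onsubmit handler
  if (inPlace) form.pass = cipher; else form.hidden = cipher;
  if (saveAfterSubmit) manager.saved = form.pass;
  return inPlace ? form.pass : form.hidden;           // value sent to server
}

// Log in twice with the same password manager and report what happened.
function twoLogins(opts) {
  const manager = { saved: null };
  const results = [];
  for (let i = 0; i < 2; i++) {
    try {
      submitLogin('constructed-password', manager, opts);
      results.push('posted');
    } catch (e) {
      results.push(e.message);
    }
  }
  return { results, savedLength: manager.saved.length };
}

console.log(twoLogins({ saveAfterSubmit: true, inPlace: true }));
console.log(twoLogins({ saveAfterSubmit: false, inPlace: true }));
console.log(twoLogins({ saveAfterSubmit: true, inPlace: false }));
```

Only the first combination fails on the second login: the manager has stored the 172-character ciphertext, which exceeds the 117-byte limit for the assumed key.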
