Bug #23338
felogin, rsaauth, saltedpassword and Internet Explorer 8 (IE) Password Manager
Status: Closed
Description
When using rsaauth the password gets decrypted with javascript before the password manager saves the password. Thus the saved password is the RSAed value. Next time the user tries to login it fails because the RSAed value is posted and RSAed a 2nd time.
In Firefox (4 beta 2) I had more trouble reproducing the error. I searched quite a bit but could not find a solution/explanation for this issue.
(issue imported from #M15330)
Updated by Jens Neumann over 13 years ago
I can confirm this Bug for
- TYPO3 Version 4.4.2
- rsaauth 1.0.0
- saltedpasswords 1.0.0
- IE 8
Error Message from IE: "Message too long for RSA"
Looks similar to the MD5 problem with md5.js. But I can't locate the proper JS.
Any ideas?
Updated by Gernot Brandner over 13 years ago
IE saves passwords after onsubmit() is executed, thus it saves the encrypted password. The encrypted password seems to be too long to be encrypted again.
In FF (and perhaps most other browsers) the password is saved before onsubmit() is executed.
I wrote a little workaround (felogin_workaround.txt). (The javascript uses jQuery)
It isn't a real fix for IE, because with this workaround no password (empty string) is saved.
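The timing difference described in the comment above, as an added Node.js example that is not part of the original thread, the attached workaround, or rsaauth itself. The form model, the function names, the 2048-bit key size and the `rsa:` prefix are assumptions; the size limit is the standard PKCS#1 v1.5 bound of modulus length minus 11 bytes.

```javascript
// Added illustration (Node.js), not rsaauth code.
const crypto = require('crypto');

// Assumption: 2048-bit key; the outcome is the same for any RSA key size,
// because the encoded ciphertext is always longer than k - 11 bytes.
const KEY_BITS = 2048;
const { publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: KEY_BITS });
const MAX_PLAINTEXT = KEY_BITS / 8 - 11; // PKCS#1 v1.5 limit: k - 11 bytes

// Stand-in for the client-side encrypt step.
function encryptField(value) {
  const msg = Buffer.from(value, 'utf8');
  if (msg.length > MAX_PLAINTEXT) throw new Error('Message too long for RSA');
  const ct = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_PADDING }, msg);
  return 'rsa:' + ct.toString('base64'); // "rsa:" prefix is an assumption
}

// Hypothetical form model: the onsubmit handler overwrites the password
// field in place; the password manager snapshots it before or after.
function submitForm(fieldValue, saveTiming, store) {
  const form = { pass: fieldValue };
  if (saveTiming === 'before-onsubmit') store.saved = form.pass;
  form.pass = encryptField(form.pass); // onsubmit handler
  if (saveTiming === 'after-onsubmit') store.saved = form.pass;
  return form.pass; // value posted to the server
}

// First login is typed by the user, the second is autofilled from the store.
function loginTwice(saveTiming) {
  const store = {};
  submitForm('constructed-sample-password', saveTiming, store);
  try {
    submitForm(store.saved, saveTiming, store);
    return { saved: store.saved, secondLogin: 'ok' };
  } catch (e) {
    return { saved: store.saved, secondLogin: e.message };
  }
}

console.log('saved before onsubmit:', loginTwice('before-onsubmit').secondLogin);
console.log('saved after onsubmit: ', loginTwice('after-onsubmit').secondLogin);
```

With the snapshot taken after the handler, the stored value is the ciphertext string, and feeding it back through the encrypt step exceeds the plaintext limit, which matches the error message reported for IE 8.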
Updated by Michael Voehringer over 13 years ago
I can reproduce this bug with Safari 5.0.3 (Mac) and TYPO3 4.4.6.
Updated by Robert Heel about 13 years ago
Also see http://forge.typo3.org/issues/9637
Updated by Nicole Cordes over 10 years ago
- Category deleted (Communication)
- Status changed from New to Closed
- Target version deleted (0)
As saving the encrypted key isn't supported due to expire OpenSSL keys anyway, this issue gets closed.
Updated by Bernhard Eckl over 10 years ago
I can confirm this issue! TYPO3 4.7, sysext felogin, IE8 (other IEs not tested, I think it applies on all versions). Please reopen this issue!
@Nicole Cordes: Nobody wants to save an encrypted password, please read the issue carefully next time before you just close them unresolved.
@Michael Voehringer: Thanks a lot for your workaround! I wrote a ts condition to have another template just for IE and integrated the workaround there.
This should be solved in function tx_rsaauth_feencrypt()