Bug #24456

Information disclosure during backend login

Added by Helmut Hummel about 9 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
Start date:
2011-01-03
Due date:
% Done:

100%

TYPO3 Version:
4.2
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In case a wrong username is submitted, different HTTP headers are sent than
in case only the password is wrong. This provides an attacker more
information than intended.

I tracked down this problem to the various session_start() calls, which
also send HTTP headers by default. If the submitted username exists, a
PHP session is started to get the challenge out of the session
(compareUident()). This sends out some HTTP headers which will then
partly be overridden by header() calls (sendNoCacheHeaders()) with the
same HTTP headers (both happening in t3lib_userauth).

OTRS: 2011010210000017
Reporter: Sebastian Schinzel
(issue imported from #M16894)
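Added example, not code from the report or from TYPO3: a Python model of the two login paths the description talks about. The `USERS` table, the `Response` class, the header values and the helper names are constructed for the model; `send_no_cache_headers` stands in for the `sendNoCacheHeaders()` call named in the report, and `start_session` for PHP's `session_start()` with its default cache-limiter headers. The leaky handler starts the session only once the username has been found, so `Set-Cookie` survives the later no-cache overrides on that path alone; the uniform handler runs the same side effects on both failure paths (one way to close the channel, not a claim about what the attached patches do), and `header_difference()` is the check a regression test would make against two failed logins.

```python
"""Model of the login header side channel reported in TYPO3 #24456.

Starting a PHP session only on the code path that handles an existing
username makes that path emit headers (session cookie, cache headers) the
unknown-username path never sends. The two handlers below reproduce that
shape with a plain dict standing in for PHP's outgoing header list, and
header_difference() is the uniformity check a regression test would run.
"""
from dataclasses import dataclass, field

# Constructed sample account store (username -> password). Plain text here
# only to keep the model short; a real store holds password hashes.
USERS = {"admin": "correct horse battery staple"}

# Headers PHP adds on session_start() with default settings: the session
# cookie plus the cache-limiter headers (values are illustrative).
SESSION_HEADERS = {
    "Set-Cookie": "PHPSESSID=<opaque-session-id>; path=/",
    "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
}

# Headers the login code's own no-cache helper sends afterwards (stand-in
# for sendNoCacheHeaders; values assumed). It overwrites the three cache
# headers but has no reason to touch Set-Cookie, so that one survives.
NOCACHE_HEADERS = {
    "Expires": "0",
    "Cache-Control": "no-cache, must-revalidate",
    "Pragma": "no-cache",
}


@dataclass
class Response:
    """Minimal stand-in for the outgoing HTTP response."""
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


def start_session(resp: Response) -> None:
    """Model of session_start(): emits cookie and cache-limiter headers."""
    resp.headers.update(SESSION_HEADERS)


def send_no_cache_headers(resp: Response) -> None:
    """Model of the later header() calls that override the cache headers."""
    resp.headers.update(NOCACHE_HEADERS)


def login_leaky(username: str, password: str) -> Response:
    """Reproduces the reported shape: the session is started only after the
    username has been found, so the header set depends on username validity
    even though status and body are identical on both failure paths."""
    resp = Response()
    stored = USERS.get(username)
    ok = False
    if stored is not None:
        start_session(resp)          # side effect reached only for known users
        ok = stored == password
    send_no_cache_headers(resp)
    resp.status = 302 if ok else 200
    resp.body = "" if ok else "Login failed"
    return resp


def login_uniform(username: str, password: str) -> Response:
    """One way to close the channel (a model, not the project's patch): run
    every header-emitting step before, and independently of, the lookup, so
    both failure paths produce exactly the same side effects."""
    resp = Response()
    start_session(resp)              # unconditional, identical on every path
    stored = USERS.get(username)
    ok = stored is not None and stored == password
    send_no_cache_headers(resp)
    resp.status = 302 if ok else 200
    resp.body = "" if ok else "Login failed"
    return resp


def header_difference(a: Response, b: Response) -> set:
    """Names of headers present in only one response or carrying different
    values. An empty set means the two responses cannot be told apart by
    their headers; a non-empty set names the leaking header(s)."""
    names = set(a.headers) | set(b.headers)
    return {n for n in names if a.headers.get(n) != b.headers.get(n)}


if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        known = handler("admin", "wrong password")
        unknown = handler("no-such-user", "wrong password")
        print(handler.__name__, "->", header_difference(known, unknown) or "no difference")
```

Run as a script, the leaky handler reports `{'Set-Cookie'}` as the only surviving difference, which matches the report's observation that the no-cache header() calls override only part of what session_start() emitted. The same comparison, fed with captured responses from a real instance for a known username with a wrong password and for an unknown username, is the regression check to keep in place after the fix.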

16894_trunk.diff (616 Bytes) Administrator Admin, 2011-01-03 00:52

24456_42.patch - Updated patch (545 Bytes) Oliver Hader, 2011-04-28 22:23

24456_v2.diff (1.04 KB) Helmut Hummel, 2011-07-13 23:27

24456_43.patch (1.02 KB) Oliver Hader, 2011-07-22 16:08

24456_44.patch (1.02 KB) Oliver Hader, 2011-07-22 16:08

24456_45.patch (1.01 KB) Oliver Hader, 2011-07-22 16:08

24456_46.patch (1.03 KB) Oliver Hader, 2011-07-22 16:08


Related issues

Related to TYPO3 Core - Bug #29274: Regression on session handling for security fix Closed 2011-08-26
Related to TYPO3 Core - Bug #28948: Session is always started Closed 2011-08-12
Related to TYPO3 Core - Bug #28900: All links have Parameter PHPSESSID at first load of website URL Closed 2011-08-10
Related to TYPO3 Core - Bug #28694: PHP Warning: session_start() Closed 2011-08-03

Associated revisions

Revision d9411b59 (diff)
Added by Helmut Hummel over 8 years ago

[BUGFIX] Information disclosure during backend login

Change-Id: I5df743d9432b12b77e7fb44910d1f66619db2e45
Resolves: #24456
Reviewed-on: http://review.typo3.org/3737
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Revision 96c4b41d (diff)
Added by Helmut Hummel over 8 years ago

[BUGFIX] Information disclosure during backend login

Change-Id: Ife716323fb281380505b2461563c22656da09334
Resolves: #24456
Reviewed-on: http://review.typo3.org/3738
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Revision 281713c3 (diff)
Added by Helmut Hummel over 8 years ago

[BUGFIX] Information disclosure during backend login

Change-Id: I04cffe3eae59b281be409f70e6adaa7539a3a409
Resolves: #24456
Reviewed-on: http://review.typo3.org/3739
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Revision e783aa69 (diff)
Added by Helmut Hummel over 8 years ago

[BUGFIX] Information disclosure during backend login

Change-Id: I02e956d3cb41657f68475a3de861ed13fa8b0eb3
Resolves: #24456
Reviewed-on: http://review.typo3.org/3740
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

History

#1 Updated by Oliver Hader almost 9 years ago

#2 Updated by Oliver Hader almost 9 years ago

  • Status changed from New to Under Review

#3 Updated by Michael Stucki almost 9 years ago

  • Target version deleted (1076)

#4 Updated by Helmut Hummel over 8 years ago

  • Target version set to 4.5.4

#5 Updated by Helmut Hummel over 8 years ago

This patch fixes the issue and makes login possible with phpmyadmin enabled

#6 Updated by Oliver Hader over 8 years ago

#7 Updated by Marcus Krause over 8 years ago

  • Has patch changed from No to Yes

Mentioned in Bulletin

#8 Updated by Anonymous over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#9 Updated by Helmut Hummel over 8 years ago

  • Project changed from Core Security to TYPO3 Core

#10 Updated by Riccardo De Contardi over 2 years ago

  • Status changed from Resolved to Closed
