Bug #24456

closed

Information disclosure during backend login

Added by Helmut Hummel over 13 years ago. Updated over 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: -
Start date: 2011-01-03
% Done: 100%
TYPO3 Version: 4.2

Description

If a wrong username is submitted, other HTTP headers are sent than when
only the password is wrong. This provides an attacker more information
than intended.

I tracked down this problem to the various session_start() calls, which
also send HTTP headers by default. If the submitted username exists, a
PHP session is started to get the challenge out of the session
(compareUident()). This sends out some HTTP headers which will then
partly be overridden by header() calls (sendNoCacheHeaders()) with the
same HTTP headers (both happening in t3lib_userauth).

OTRS: 2011010210000017
Reporter: Sebastian Schinzel
(issue imported from #M16894)
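Added example (Python; not TYPO3 code and not the reporter's): a check for the kind of header-level username oracle described in the report. Two raw responses to failed backend logins are constructed inline to the shape the description gives (the unknown-user path emits only the sendNoCacheHeaders() headers; the known-user path has additionally run session_start(), so a PHPSESSID cookie and PHP's default session cache headers appear, of which the sample assumes Cache-Control survived the later header() calls). Per-request values (Date, Last-Modified, the session id) are normalised away so that only differences caused by the code path are reported. Header names and values in the samples are constructed, not captured from a TYPO3 installation.

```python
"""Detect a username-enumeration oracle in the HTTP headers of two failed
login responses: one for a non-existent user, one for an existing user
with a wrong password."""
from __future__ import annotations

import re

# Headers whose values legitimately change between requests on the same path.
VOLATILE = {"date", "last-modified"}
# Session identifiers are masked so two responses on the same path compare equal.
TOKEN_RE = re.compile(r"(PHPSESSID=)[^;]+")

# Constructed sample: username unknown, so only sendNoCacheHeaders() ran.
RESP_UNKNOWN_USER = """HTTP/1.1 200 OK
Date: Mon, 03 Jan 2011 00:52:10 GMT
Server: Apache
Expires: 0
Last-Modified: Mon, 03 Jan 2011 00:52:10 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
"""

# Constructed sample: username exists, so session_start() ran first and added a
# Set-Cookie line plus PHP's default session cache headers; the sample assumes
# Cache-Control was not overridden afterwards (an assumption of this example).
RESP_KNOWN_USER = """HTTP/1.1 200 OK
Date: Mon, 03 Jan 2011 00:52:11 GMT
Server: Apache
Set-Cookie: PHPSESSID=3f9a1c7e0b2d4a5f6c8e9d0a1b2c3d4e; path=/
Expires: 0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Mon, 03 Jan 2011 00:52:11 GMT
Content-Type: text/html; charset=utf-8
"""


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Parse a raw response head into name -> [values], lower-casing names and
    keeping repeated headers (e.g. several Set-Cookie lines) in order."""
    headers: dict[str, list[str]] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def normalise(headers: dict[str, list[str]]) -> dict[str, list[str]]:
    """Drop volatile headers and mask session ids so only path-dependent
    differences remain."""
    return {
        name: [TOKEN_RE.sub(r"\1<id>", v) for v in values]
        for name, values in headers.items()
        if name not in VOLATILE
    }


def find_username_oracle(resp_unknown: str, resp_known: str) -> dict:
    """Report which headers appear on only one path and which shared headers
    carry different values after normalisation."""
    a = normalise(parse_headers(resp_unknown))
    b = normalise(parse_headers(resp_known))
    shared = set(a) & set(b)
    return {
        "only_in_unknown": sorted(set(a) - set(b)),
        "only_in_known": sorted(set(b) - set(a)),
        "value_diff": {n: (a[n], b[n]) for n in sorted(shared) if a[n] != b[n]},
    }


def is_oracle(report: dict) -> bool:
    """True when any structural difference survives normalisation."""
    return bool(report["only_in_unknown"] or report["only_in_known"] or report["value_diff"])


if __name__ == "__main__":
    report = find_username_oracle(RESP_UNKNOWN_USER, RESP_KNOWN_USER)
    print("oracle:", is_oracle(report))
    for key, val in report.items():
        print(f"  {key}: {val}")
```

Any non-empty report means an attacker can tell valid from invalid usernames without ever seeing a correct password; the fix is complete only when both failure paths emit the same header set with the same values, which the same check can confirm against the patched build.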


Files

16894_trunk.diff (616 Bytes), Administrator Admin, 2011-01-03 00:52
24456_42.patch (545 Bytes), updated patch, Oliver Hader, 2011-04-28 22:23
24456_v2.diff (1.04 KB), Helmut Hummel, 2011-07-13 23:27
24456_43.patch (1.02 KB), Oliver Hader, 2011-07-22 16:08
24456_44.patch (1.02 KB), Oliver Hader, 2011-07-22 16:08
24456_45.patch (1.01 KB), Oliver Hader, 2011-07-22 16:08
24456_46.patch (1.03 KB), Oliver Hader, 2011-07-22 16:08

Related issues (4: 0 open, 4 closed)

Related to TYPO3 Core - Bug #29274: Regression on session handling for security fix (Closed, Helmut Hummel, 2011-08-26)
Related to TYPO3 Core - Bug #28948: Session is always started (Closed, 2011-08-12)
Related to TYPO3 Core - Bug #28900: All links have Parameter PHPSESSID at first load of website URL (Closed, Manfred Langhammer, 2011-08-10)
Related to TYPO3 Core - Bug #28694: PHP Warning: session_start() (Closed, 2011-08-03)
#2

Updated by Oliver Hader almost 13 years ago

  • Status changed from New to Under Review
#3

Updated by Michael Stucki almost 13 years ago

  • Target version deleted (1076)
#4

Updated by Helmut Hummel almost 13 years ago

  • Target version set to 4.5.4
#5

Updated by Helmut Hummel almost 13 years ago

This patch fixes the issue and makes login possible with phpmyadmin enabled

#7

Updated by Marcus Krause over 12 years ago

Mentioned in Bulletin

#8

Updated by Anonymous over 12 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#9

Updated by Helmut Hummel over 12 years ago

  • Project changed from 1716 to TYPO3 Core
#10

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed