Project

General

Profile

Actions
Copy link

Feature #25204

closed

rsaauth not applied to password change in BE

Added by Christian Lerrahn about 13 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Could have
Assignee:
-
Category:
-
Target version:
7.4 (Backend)
Start date:
2011-03-01
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

While rsaauth encrypts the passwords entered in the login form, no encryption is applied to the password change form in the BE. This is a major design flaw and means that the site is actually less secure than it looks. rsaauth should encrypt all password fields in the BE password change requests as well.

(issue imported from #M17802)

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #68166: Add rsa protection to password fieldsClosedNicole Cordes2015-07-15

Actions
Actions
Copy link
 #1

Updated by Dmitry Dulepov about 13 years ago

Technically there is no way to apply rsaauth to password in BE forms. Login is different! To use RSAAuth in TCEforms, we will have to change quite a lot in TCEforms.

Actions
Copy link
 #2

Updated by Mathias Schreiber over 9 years ago

  • Tracker changed from Bug to Feature
  • Description updated (diff)
  • Priority changed from Should have to Could have
  • Target version changed from 0 to 7.4 (Backend)
Actions
Copy link
 #3

Updated by Wouter Wolters over 8 years ago

  • Status changed from New to Closed

This will be handled in #68166

Actions
Copy link

Also available in: Atom PDF