Project

General

Profile

Actions

Feature #25204

closed

rsaauth not applied to password change in BE

Added by Christian Lerrahn over 13 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Could have
Assignee:
-
Category:
-
Target version:
Start date:
2011-03-01
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

While rsaauth encrypts the passwords entered in the login form, no encryption is applied to the password change form in the BE. This is a major design flaw and means that the site is actually less secure than it looks. rsaauth should encrypt all password fields in the BE password change requests as well.

(issue imported from #M17802)


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #68166: Add rsa protection to password fieldsClosedNicole Cordes2015-07-15

Actions
Actions

Also available in: Atom PDF