Feature #25204: rsaauth not applied to password change in BE - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Feature #25204

closed

rsaauth not applied to password change in BE

Added by Christian Lerrahn about 13 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Could have

Assignee:

Category:

Target version:

7.4 (Backend)

Start date:

2011-03-01

Due date:

% Done:

Estimated time:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

While rsaauth encrypts the passwords entered in the login form, no encryption is applied to the password change form in the BE. This is a major design flaw and means that the site is actually less secure than it looks. rsaauth should encrypt all password fields in the BE password change requests as well.

(issue imported from #M17802)

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Watchers (1)

Feature #25204

rsaauth not applied to password change in BE

Updated by Dmitry Dulepov about 13 years ago

Updated by Mathias Schreiber over 9 years ago

Updated by Wouter Wolters almost 9 years ago