Bug #31397
closed
Check for default password of admin account no longer works in status reports module
Added by Gregor Hermens about 13 years ago.
Updated almost 13 years ago.
Description
In typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php line 68, function getAdminAccountStatus() only looks for the md5 value of default password 'password'. As rasauth and saltedpasswords are now activated by default, status reports module no longer issues a warning if the default password of BE account 'admin' is still set.
Files
Attached patch bug_31397.diff checks for both plain md5 and salted hash.
- Status changed from New to Under Review
Patch set 1 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6392
- Assignee set to Francois Suter
Good catch. I'm reviewing your patch.
- Target version set to 4.6.1
- Complexity set to medium
Patch set 2 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6392
Patch set 3 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6392
Patch set 4 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6392
Patch set 5 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6392
Patch set 1 of change Ibefcadb60afb2d22490fc1219559d8651d256c8a has been pushed to the review server.
It is available at http://review.typo3.org/6404
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by