Bug #44160
closed
rsaauth doesn't secure the change password form of felogin
0%
Description
Prerequisites:
TYPO3 6.0 (and older)
felogin
rsaauth
The problem:
EXT:felogin provides a feature to change a users password.
However, the data entered in this form is not obfuscated in any way by EXT:rsaauth.
So, the data is transmitted in plain text and might be read by others.
The solution:
Attached patch adds JS code suitable to obfuscate the data of the “forgot password form” and adds code to the controller of EXT:felogin to handle encrypted password.
Updated by Jigal van Hemert over 11 years ago
- Category set to Authentication
- Status changed from New to Needs Feedback
- Target version set to 4.5.23
I'd like to close this one as a duplicate.
Maybe you can continue in #25367 and push your patch to Gerrit (see http://wiki.typo3.org/Contribution_Walkthrough_Tutorials for information on contributing your patch; or ask in the mailing lists or ask the Friendly Ghost of the week)?
Updated by Reinhard Führicht over 11 years ago
Hi,
I already pushed a patch (https://review.typo3.org/#/c/17256/). I followed the instructions in the wiki. Isn't this patch now somehow linked to the issue on Forge? If not, can you tell me how to link it to #25367? I don't mind which issue to continue in as long as the bug gets fixed. :-)
Updated by Reinhard Führicht over 11 years ago
Hi Jigal,
can you please tell me how to proceed?
Updated by Jigal van Hemert almost 11 years ago
- Status changed from Needs Feedback to Under Review
Updated by Gerrit Code Review almost 11 years ago
Patch set 11 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Markus Klein almost 11 years ago
Please add a documentation ticket and link it here. I guess this change has to be noted somewhere.
Updated by Gerrit Code Review almost 11 years ago
Patch set 12 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Gerrit Code Review almost 11 years ago
Patch set 13 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Gerrit Code Review almost 11 years ago
Patch set 14 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Gerrit Code Review over 10 years ago
Patch set 15 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Gerrit Code Review over 10 years ago
Patch set 16 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17256
Updated by Markus Klein over 10 years ago
- Status changed from Under Review to Closed
- Is Regression set to No
Closing this as duplicate. Continue in the original ticket.