Bug #44160

closed

rsaauth doesn't secure the change password form of felogin

Added by Reinhard Führicht over 11 years ago. Updated over 10 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Authentication
Target version:
Start date: 2012-12-20
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 6.0
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

Prerequisites:

TYPO3 6.0 (and older)
felogin
rsaauth

The problem:

EXT:felogin provides a feature to change a user's password.
However, the data entered in this form is not obfuscated in any way by EXT:rsaauth.
So, the data is transmitted in plain text and might be read by others.

The solution:

The attached patch adds JS code suitable to obfuscate the data of the “forgot password form” and adds code to the controller of EXT:felogin to handle the encrypted password.


Related issues: 1 (0 open, 1 closed)

Is duplicate of TYPO3 Core - Bug #25367: rsaauth does not encrypt new passwords entered in forgot password form (Closed, 2011-03-21)
