Bug #44160
Closed
rsaauth doesn't secure the change password form of felogin
Start date: 2012-12-20
% Done: 0%
TYPO3 Version: 6.0
Is Regression: No
Description
Prerequisites:
TYPO3 6.0 (and older)
felogin
rsaauth
The problem:
EXT:felogin provides a feature to change a user's password.
However, the data entered in this form is not obfuscated in any way by EXT:rsaauth.
So, the data is transmitted in plain text and might be read by others.
The solution:
The attached patch adds JS code suitable to obfuscate the data of the “forgot password form” and adds code to the controller of EXT:felogin to handle the encrypted password.