Project

General

Profile

Actions

Feature #51479

closed

Show somehow which user passwords are treatend as unsecure.

Added by Kay Strobach almost 11 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Reports
Target version:
-
Start date:
2013-08-28
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Show somehow which user passwords are treatend as unsecure.
-> it's hard to figure out, which passwords are the problem :D


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Feature #80793: provide configurable password policiesClosed2017-04-10

Actions
Follows TYPO3 Core - Bug #36244: Status report shows security warning after Scheduler "Convert user passwords to salted hashes (saltedpasswords)"Closed2012-04-17

Actions
Actions #1

Updated by Philipp Gampe almost 11 years ago

  • Status changed from New to Needs Feedback

So you want a list of users there?

Actions #2

Updated by Kay Strobach almost 11 years ago

either a list of users / uid in the mail or any indication in the be_user module, that a particular users password is unsecure (in case of encryption)

Actions #3

Updated by Alexander Opitz almost 11 years ago

  • Category set to Backend User Interface
  • Status changed from Needs Feedback to New
Actions #4

Updated by Philipp Gampe over 9 years ago

  • Complexity set to easy

Basically, the report only needs to collect the backend user names and uids of effected accounts and to display those in a nice table.

Actions #5

Updated by Susanne Moog almost 9 years ago

  • Category changed from Backend User Interface to Reports
Actions #6

Updated by Riccardo De Contardi about 7 years ago

  • Related to Feature #80793: provide configurable password policies added
Actions #7

Updated by Benni Mack about 4 years ago

  • Status changed from New to Needs Feedback

Hey Kay,

I know this issue is very old but I need some basic input again on this.

What do you mean with insecure? I guess passwords that haven't been converted to salted passwords yet?

Actions #8

Updated by Kay Strobach about 4 years ago

There was a report, which said something like, "xxx passwords are not yet converted and considered safed unsecure".

The UX Problem was, that there was no way to see, in the UI, which of the users are affected.

For v9 etc. this might be considered deprecated, and could be closed, i can not find the report in the v9 module anymore.

Actions #9

Updated by Riccardo De Contardi about 4 years ago

I guess we're talking of this one:

TYPO3 8.7.32

EXT:reports/Classes/Report/Status/SecurityStatus.php, function getSaltedPasswordsStatus

The label is: EXT:reports/Resources/Private/Language/locallang_reports.xlf:status_saltedPasswords_notAllPasswordsHashed

both function and label are absent on 9.5.15 (I don't know the exact commit, it could be https://review.typo3.org/c/Packages/TYPO3.CMS/+/57885/ )

Actions #10

Updated by Benni Mack about 4 years ago

  • Status changed from Needs Feedback to Closed

Thanks for the quick feedback. Closing this now!

Actions

Also available in: Atom PDF