Feature #51479

Show somehow which user passwords are treatend as unsecure.

Added by Kay Strobach almost 9 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Reports
Target version:
-
Start date:
2013-08-28
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Show somehow which user passwords are treatend as unsecure.
-> it's hard to figure out, which passwords are the problem :D


Related issues

Related to TYPO3 Core - Feature #80793: provide configurable password policiesOn Hold2017-04-10

Actions
Follows TYPO3 Core - Bug #36244: Status report shows security warning after Scheduler "Convert user passwords to salted hashes (saltedpasswords)"Closed2012-04-17

Actions
#1

Updated by Philipp Gampe almost 9 years ago

  • Status changed from New to Needs Feedback

So you want a list of users there?

#2

Updated by Kay Strobach almost 9 years ago

either a list of users / uid in the mail or any indication in the be_user module, that a particular users password is unsecure (in case of encryption)

#3

Updated by Alexander Opitz almost 9 years ago

  • Category set to Backend User Interface
  • Status changed from Needs Feedback to New
#4

Updated by Philipp Gampe over 7 years ago

  • Complexity set to easy

Basically, the report only needs to collect the backend user names and uids of effected accounts and to display those in a nice table.

#5

Updated by Susanne Moog about 7 years ago

  • Category changed from Backend User Interface to Reports
#6

Updated by Riccardo De Contardi over 5 years ago

  • Related to Feature #80793: provide configurable password policies added
#7

Updated by Benni Mack over 2 years ago

  • Status changed from New to Needs Feedback

Hey Kay,

I know this issue is very old but I need some basic input again on this.

What do you mean with insecure? I guess passwords that haven't been converted to salted passwords yet?

#8

Updated by Kay Strobach over 2 years ago

There was a report, which said something like, "xxx passwords are not yet converted and considered safed unsecure".

The UX Problem was, that there was no way to see, in the UI, which of the users are affected.

For v9 etc. this might be considered deprecated, and could be closed, i can not find the report in the v9 module anymore.

#9

Updated by Riccardo De Contardi over 2 years ago

I guess we're talking of this one:

TYPO3 8.7.32

EXT:reports/Classes/Report/Status/SecurityStatus.php, function getSaltedPasswordsStatus

The label is: EXT:reports/Resources/Private/Language/locallang_reports.xlf:status_saltedPasswords_notAllPasswordsHashed

both function and label are absent on 9.5.15 (I don't know the exact commit, it could be https://review.typo3.org/c/Packages/TYPO3.CMS/+/57885/ )

#10

Updated by Benni Mack over 2 years ago

  • Status changed from Needs Feedback to Closed

Thanks for the quick feedback. Closing this now!

Also available in: Atom PDF