Bug #51941

closed

Exclusive FE usage flag in configuration has no effect

Added by Marco Zanter over 10 years ago. Updated about 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Authentication
Target version: -
Start date: 2013-09-12
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 6.1
PHP Version:
Tags:
Complexity: hard
Is Regression: No
Sprint Focus:

Description

because authUser in SaltedPasswordService.php always returns 0 if authentication fails.
Line 215:

if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
    $OK = 0;
}

Should be:

if (intval($this->extConf['onlyAuthService'])) {
    $OK = 0;
}


Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #22030: Authentication Bypass in frontend user authentication (sysext:saltedpasswords) (Closed, Marcus Krause, 2010-01-30)

Actions #1

Updated by Mathias Schreiber about 9 years ago

  • Target version set to 7.4 (Backend)
Actions #2

Updated by Susanne Moog over 8 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions #3

Updated by Benni Mack over 8 years ago

  • Target version changed from 7.5 to 7 LTS
Actions #4

Updated by Helmut Hummel over 8 years ago

  • Complexity set to hard

No easy fix here as the flag was introduced to fix a severe vulnerability and we need to make sure to not re-introduce it.

Actions #5

Updated by Benni Mack over 8 years ago

  • Target version deleted (7 LTS)
Actions #6

Updated by Susanne Moog about 4 years ago

  • Status changed from New to Closed

As that whole part of TYPO3 was rewritten and neither the Service class nor the options exist anymore, I'm closing the issue here. If it is still relevant, please open a new issue with the according reference to the current code.
