Project

General

Profile

Actions

Bug #51941

closed

Exclusive FE usage flag in configuration has no effect

Added by Marco Zanter about 11 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2013-09-12
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.1
PHP Version:
Tags:
Complexity:
hard
Is Regression:
No
Sprint Focus:

Description

because authUser in SaltedPasswordService.php always return 0, if authentication fails.
Line 215:

if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
    $OK = 0;
}

Should be:

if (intval($this->extConf['onlyAuthService'])) {
    $OK = 0;
}


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #22030: Authentication Bypass in frontend user authentication (sysext:saltedpasswords)ClosedMarcus Krause2010-01-30

Actions
Actions #1

Updated by Mathias Schreiber almost 10 years ago

  • Target version set to 7.4 (Backend)
Actions #2

Updated by Susanne Moog over 9 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions #3

Updated by Benni Mack about 9 years ago

  • Target version changed from 7.5 to 7 LTS
Actions #4

Updated by Helmut Hummel about 9 years ago

  • Complexity set to hard

No easy fix here as the flag was introduced to fix a severe vulnerability and we need to make sure to not re-introduce it

Actions #5

Updated by Benni Mack about 9 years ago

  • Target version deleted (7 LTS)
Actions #6

Updated by Susanne Moog over 4 years ago

  • Status changed from New to Closed

As that whole part of TYPO3 was rewritten and neither the Service class nor the options exist anymore, I'm closing the issue here. If it is still relevant, please open a new issue with the according reference to the current code.

Actions

Also available in: Atom PDF