Project

General

Profile

Actions
Copy link

Bug #56004

closed

Retain username when entering an insecure password

Added by Michael Schams about 10 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2014-02-16
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

When installing TYPO3 CMS 6.2 from scratch, at the step create user and import base data, you have the option to enter a username and a password for the initial administrator user. Field username is pre-filled with "admin".

- change "admin" to your own username (e.g. "firstname.lastname")
- use a short, insecure password
- click "continue" button

Message appears "Administrator password not good enough!" and form comes up again.
At this point, field username falls back to "admin".

However, the username was not the problem and from a usability perspective you would expect that valid data entered should remain. Therefore, the field should be pre-filled with the previously entered value (e.g. "firstname.lastname") rather than fall-back to "admin".

This issue occurs in TYPO3 CMS 6.2.0beta5.

Files

Download all files
screenshot0014.png (39.3 KB) screenshot0014.png Michael Schams, 2014-02-16 03:57
screenshot-20200116-0850.png (163 KB) screenshot-20200116-0850.png Michael Schams, 2020-01-15 22:59

Related issues 3 (1 open2 closed)

Related to TYPO3 Core - Feature #21659: Introduce Password PoliciesClosed2009-11-24

Actions
Related to TYPO3 Core - Feature #80793: provide configurable password policiesClosed2017-04-10

Actions
Related to TYPO3 Core - Feature #80792: Password strength meter for BE LoginNew2017-04-10

Actions
Actions
Copy link

Also available in: Atom PDF