Bug #70216

closed

Bug in compareUident (SaltedPasswordService.php) if salted passwords are used

Added by Thomas Hohn about 9 years ago. Updated about 8 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: Authentication
Target version: -
Start date: 2015-09-30
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 6.2
PHP Version: 5.5
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

In fe_users we store the user's password as a salted password :-)

The call compareUident in SaltedPasswordService.php used by authUser seems to fail, since
the password read from $loginData['uident_text'] is now salted, and hence the call
to $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
will fail, since the password here is expected to be in plaintext.

The checkPassword methods implemented in PhpassSalt and Md5Salt should be able to perform
the comparison even if a salted password is provided.
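
The failure described in this report, reproduced as an added example (not TYPO3's code and not code from the reporter): a salted-hash check re-hashes whatever is submitted using the salt embedded in the stored hash, so it only matches when the submitted value is the plaintext. The names makeSaltedHash and checkPlaintext and the sample password are assumptions, and MD5-crypt through PHP's crypt() stands in for the salting classes named above.

```php
<?php
// Added illustration, not TYPO3 code. makeSaltedHash() and checkPlaintext()
// are hypothetical names; the password below is a constructed sample.

// Hash a plaintext password with a fresh random 8-character salt (MD5-crypt, "$1$").
function makeSaltedHash(string $plaintext): string
{
    // base64 of 6 random bytes gives 8 characters; map '+' into crypt's salt alphabet.
    $salt = strtr(base64_encode(random_bytes(6)), '+', '.');
    return crypt($plaintext, '$1$' . $salt . '$');
}

// Verify a login: re-hash the submitted value with the salt embedded in the
// stored hash and compare in constant time. $submitted must be the plaintext.
function checkPlaintext(string $submitted, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($submitted, $storedHash));
}

$plaintext = 'constructed-sample-password';
$stored    = makeSaltedHash($plaintext);   // value kept in the user record
$resalted  = makeSaltedHash($plaintext);   // same password hashed again, new salt

$results = [
    // Normal path: the login data carries the plaintext.
    'plaintext submitted'           => checkPlaintext($plaintext, $stored),
    // The reported situation: the login data already holds a salted hash,
    // so it gets hashed a second time and cannot reproduce the stored value.
    'salted hash submitted'         => checkPlaintext($resalted, $stored),
    // Even the stored hash itself does not verify, because it is re-hashed too.
    'stored hash submitted'         => checkPlaintext($stored, $stored),
    // Two hashes of one password differ, so comparing them directly is no fix.
    'hashes of same password equal' => hash_equals($stored, $resalted),
];

foreach ($results as $case => $ok) {
    printf("%-30s %s\n", $case, $ok ? 'match' : 'no match');
}
```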
