Bug #73797

closed

Security bug: You can really change the user (not just SU) in TYPO3 Backend

Added by Markus Hölzle over 8 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: -
Target version: -
Start date: 2016-03-01
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 7
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

Hi there,

I found a mysterious behaviour in the TYPO3 backend.

Way to reproduce the error:
  1. TYPO3 Login as admin "a1" (your account)
  2. Switch user (su) to a second admin "a2"
  3. Switch user (su as "a2") to a third user "a3"
  4. Leave the SU mode from "a3" back to "a2"

Now you are "a2"! You are not in the su mode anymore.
So you cannot switch back to "a1", which is your account.

Possible solution:
Maybe the SU buttons should be disabled if you are already in the su mode.
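
The reported sequence and the suggested guard, as an added example that is not part of the original report and is not TYPO3 code. It is a simplified model (PHP 8+) that assumes the session keeps a single slot for the account that started switch-user mode; the class, property and method names are hypothetical.

```php
<?php
// Simplified model of a backend session; NOT TYPO3 code, all names hypothetical.
// Assumption: one slot remembers the account that started switch-user mode.
final class BackendSession
{
    public ?string $originalUser = null; // non-null only while switched

    public function __construct(public string $currentUser, private bool $guard) {}

    public function switchUser(string $target): void
    {
        // Guarded variant (the reporter's suggestion): no switch while switched.
        if ($this->guard && $this->originalUser !== null) {
            throw new RuntimeException('Already in switch-user mode; exit first.');
        }
        $this->originalUser = $this->currentUser; // a nested call overwrites the slot
        $this->currentUser = $target;
    }

    public function exitSwitchUser(): void
    {
        if ($this->originalUser === null) {
            throw new LogicException('Not in switch-user mode.');
        }
        $this->currentUser = $this->originalUser;
        $this->originalUser = null;
    }
}

// Constructed walk-through of the four steps in the report, unguarded.
$s = new BackendSession('a1', false);
$s->switchUser('a2');
$s->switchUser('a3'); // slot now holds "a2"; "a1" is no longer recorded
$s->exitSwitchUser();
printf("unguarded: current=%s, switched=%s\n", $s->currentUser, var_export($s->originalUser !== null, true));

// Same steps with the guard: step 3 is refused and "a1" stays recoverable.
$g = new BackendSession('a1', true);
$g->switchUser('a2');
try {
    $g->switchUser('a3');
} catch (RuntimeException $e) {
    printf("guarded: refused (%s)\n", $e->getMessage());
}
$g->exitSwitchUser();
printf("guarded: current=%s\n", $g->currentUser);
```

In the unguarded run the session ends as "a2" outside switch-user mode, so audit records written from that point would name "a2" rather than the account that actually logged in.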
