Task #80017

Security: Do not send password hashes when editing user records

Added by Mads Lønne Jensen over 2 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Start date:
2017-02-25
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, when editing a user in the backend the password hash is sent as initial value for the (hidden) input field.

It is considered bad practice to expose password hashes to users.


Related issues

Duplicates TYPO3 Core - Task #59233: Do not transfer content of fields with eval=password Accepted 2014-05-30

History

#1 Updated by Mads Lønne Jensen over 2 years ago

  • Category set to Security

#2 Updated by Benni Mack over 2 years ago

  • Target version changed from 8 LTS to Candidate for patchlevel

#3 Updated by Oliver Hader 9 months ago

  • Duplicates Task #59233: Do not transfer content of fields with eval=password added

#4 Updated by Oliver Hader 9 months ago

  • Status changed from New to Closed

Also available in: Atom PDF