Task #80017

Security: Do not send password hashes when editing user records

Added by Mads Lønne Jensen over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Start date:
2017-02-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, when editing a user in the backend the password hash is sent as initial value for the (hidden) input field.

It is considered bad practice to expose password hashes to users.


Related issues

Is duplicate of TYPO3 Core - Task #59233: Do not transfer content of fields with eval=passwordAccepted2014-05-30

Actions
#1

Updated by Mads Lønne Jensen over 4 years ago

  • Category set to Security
#2

Updated by Benni Mack about 4 years ago

  • Target version changed from 8 LTS to Candidate for patchlevel
#3

Updated by Oliver Hader over 2 years ago

  • Is duplicate of Task #59233: Do not transfer content of fields with eval=password added
#4

Updated by Oliver Hader over 2 years ago

  • Status changed from New to Closed

Also available in: Atom PDF