Project

General

Profile

Actions

Task #80017

closed

Security: Do not send password hashes when editing user records

Added by Mads Lønne Jensen about 7 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Start date:
2017-02-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, when editing a user in the backend the password hash is sent as initial value for the (hidden) input field.

It is considered bad practice to expose password hashes to users.


Related issues 1 (1 open0 closed)

Is duplicate of TYPO3 Core - Task #59233: Do not transfer content of fields with eval=passwordAccepted2014-05-30

Actions
Actions #1

Updated by Mads Lønne Jensen about 7 years ago

  • Category set to Security
Actions #2

Updated by Benni Mack almost 7 years ago

  • Target version changed from 8 LTS to Candidate for patchlevel
Actions #3

Updated by Oliver Hader about 5 years ago

  • Is duplicate of Task #59233: Do not transfer content of fields with eval=password added
Actions #4

Updated by Oliver Hader about 5 years ago

  • Status changed from New to Closed
Actions

Also available in: Atom PDF