Project

General

Profile

Actions
Copy link

Task #80017

closed

Security: Do not send password hashes when editing user records

Added by Mads Lønne Jensen over 7 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Candidate for patchlevel
Start date:
2017-02-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, when editing a user in the backend the password hash is sent as initial value for the (hidden) input field.

It is considered bad practice to expose password hashes to users.

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Task #59233: Do not transfer content of fields with eval=passwordClosed2014-05-30

Actions
Actions
Copy link

Also available in: Atom PDF