Project

General

Profile

Actions

Task #80018

closed

Deprecate usage of EXT:rsaauth

Added by Mads Lønne Jensen over 7 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Start date:
2017-07-13
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The extension rsaauth lays an additional layout of encryption on top of submitted password fields.

However, it does not protect against session highjacking or man-in-the-middle attacks -- only TLS does this!

The rsaauth extensions should be deprecated and its usage should be discouraged. Instead we should encourage (and help) the user to only serve TYPO3 sites over HTTPS.


Subtasks 1 (0 open1 closed)

Task #81852: Deprecate EXT:rsaauthClosedGeorg Ringer2017-07-13

Actions

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #25367: rsaauth does not encrypt new passwords entered in forgot password formClosed2011-03-21

Actions
Actions

Also available in: Atom PDF