Bug #85321

"Message too long for RSA" when submitting login with felogin

Added by Daniel Koether over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2018-06-20
Due date:
% Done:

100%

TYPO3 Version:
7
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hello everyone,

I'm using the TYPO3 sysext felogin for some protected TYPO3 sites.
Currently in all browsers the message "Message too long for RSA" is shown when submitting the login form. On second try I'm able to login the user.

I know there were some issues in IE in the past about this topic but there aren't any solutions:
https://forge.typo3.org/issues/41079 & https://forge.typo3.org/issues/67516

The attribute data-rsa-encryption="" is set to the password field.

Deactivating autocomplete (https://twitter.com/cybersmog/status/230323910778970113?lang=de) didn't work.

Did anyone face this behaviour or can confirm that this is bug in TYPO3 7.6?

Thanks in advance!
Daniel

Bildschirmfoto 2018-06-20 um 17.45.25.png View (7.63 KB) Daniel Koether, 2018-06-20 17:45

History

#1 Updated by Georg Ringer over 1 year ago

  • Status changed from New to Needs Feedback

are you using some large passwords (in combination with a password manager)?

in general you shouldn't use the rsauth ext anymore but use https which protects the user data better and you avoid those issues.

#2 Updated by Daniel Koether about 1 year ago

  • % Done changed from 0 to 100

Hello again,

thank you Georg for answering. This bug (which is not a bug) can be set to done.

Thanks a lot!

#3 Updated by Wouter Wolters about 1 year ago

  • Status changed from Needs Feedback to Closed

Closed as requested.

#4 Updated by Moritz Ahl about 1 year ago

I ran into the same issue today. I deactivated ext:rsaauth but had the problem that users weren't able to log in anymore with their old passwords.

After some research I found out that in this case you also need to set [TYPO3_CONF_VARS][FE][loginSecurityLevel] and [TYPO3_CONF_VARS][BE][loginSecurityLevel] to 'normal'.

Maybe this is saving some headache for others.

Also available in: Atom PDF