Bug #91415

After Update from 9.5.14 to 9.5.17 - backend and installer login are not working

Added by cosmoblonde GmbH 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
Start date:
2020-05-15
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.3
Tags:
argon2, bcrypt
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

We have a working site with TYPO3 9.5.14. Unfortunately the hosting provider does not support argon2. So we used the bcrypt algorithm as fallback password-hashing configuration so far like this:

$GLOBALS['TYPO3_CONF_VARS']['FE']['passwordHashing']['className'] = 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash';
$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['className'] = 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash';

After upgrading to 9.5.17 the backend login and the installer login ceased to work.
Login-Warning Mails came up with the message:

Login-attempt from x.x.x.x for username 'yyyy' with an empty password!

BE cache deletion (incl. Browser-Cache and Cookies) did not help.

After resetting the TYPO3 sources to 9.5.14 be login and installer login worked again.


Related issues

Is duplicate of TYPO3 Core - Bug #91385: JavaScript error for extensions overriding login formClosed2020-05-13

Actions
#1

Updated by Richard Haeser 7 months ago

  • Is duplicate of Bug #91396: Allow SSO authentication handlers to pass SSRF referrer checks added
#2

Updated by Richard Haeser 7 months ago

  • Is duplicate of deleted (Bug #91396: Allow SSO authentication handlers to pass SSRF referrer checks)
#3

Updated by Oliver Hader 7 months ago

Probably a custom Login.html template is used. Symptomatic empty passwords points to issue #91385

#4

Updated by Oliver Hader 7 months ago

  • Is duplicate of Bug #91385: JavaScript error for extensions overriding login form added
#5

Updated by Oliver Hader 7 months ago

  • Status changed from New to Needs Feedback
#6

Updated by Oliver Hader 7 months ago

Please report back whether v9.5 patch at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64485 solves the problem in your scenario. The patch has been merged to 9.5.x Git branch already.

#7

Updated by Oliver Hader 7 months ago

Friendly reminder: Relevant changes have been merged to Git branches in between. Could you please give the TYPO3 v9.5 Git branch a try and report back in case there are additional problems? Thx in advance

#8

Updated by Oliver Hader 6 months ago

  • Status changed from Needs Feedback to Closed

Closing, most probably addressed in issue #91385

Also available in: Atom PDF