After Update from 9.5.14 to 9.5.17 - backend and installer login are not working
We have a working site with TYPO3 9.5.14. Unfortunately the hosting provider does not support argon2. So we used the bcrypt algorithm as fallback password-hashing configuration so far like this:
$GLOBALS['TYPO3_CONF_VARS']['FE']['passwordHashing']['className'] = 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash';
$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['className'] = 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash';
After upgrading to 9.5.17 the backend login and the installer login ceased to work.
Login-Warning Mails came up with the message:
Login-attempt from x.x.x.x for username 'yyyy' with an empty password!
BE cache deletion (incl. Browser-Cache and Cookies) did not help.
After resetting the TYPO3 sources to 9.5.14 be login and installer login worked again.
Updated by Oliver Hader 7 months ago
Please report back whether v9.5 patch at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64485 solves the problem in your scenario. The patch has been merged to 9.5.x Git branch already.