Commit 14929b98 authored by Frank Naegler, committed by Oliver Hader

[SECURITY] Prevent time based information disclosure

To prevent a time based information disclosure in backend password reset,
this patch adds a random delay between 200 milliseconds and 3 seconds
before sending the response to the client.

Resolves: #91243
Releases: master
Change-Id: I0362db283145e0bed414ecdb06fff81b2cff0d4b
Security-Bulletin: TYPO3-CORE-SA-2020-001
Security-References: CVE-2020-11063
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64466


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
parent dcac1c70
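
The mitigation described in the commit message, sketched as an added example (this is not the TYPO3 patch or any TYPO3 code): a reset handler that waits a random 200 ms to 3 s before answering, so the extra work done on one branch is buried in the delay. The function names, the account list and the assumption that the timing difference comes from work done only for known accounts are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. Names and sample data are hypothetical.
const MIN_DELAY_US = 200000;   // 200 milliseconds
const MAX_DELAY_US = 3000000;  // 3 seconds

/** Draw the delay from the CSPRNG so it cannot be predicted and subtracted. */
function randomDelayMicroseconds(): int
{
    return random_int(MIN_DELAY_US, MAX_DELAY_US);
}

/**
 * Handle a reset request. Only a known account triggers the expensive
 * branch (token generation and hashing); that difference in work is
 * what the random delay is meant to mask.
 */
function handleResetRequest(string $email, array $knownAccounts): string
{
    if (in_array(strtolower($email), $knownAccounts, true)) {
        $token = bin2hex(random_bytes(32));
        // Only a hash of the token would be stored; storage and mail
        // delivery are left out of this sketch.
        $storedHash = password_hash($token, PASSWORD_DEFAULT);
    }

    // Applied on every path, immediately before the response is sent.
    usleep(randomDelayMicroseconds());

    // Same body on both branches: the text must not leak what timing hides.
    return 'If the address belongs to an account, a reset link has been sent.';
}

// Constructed sample input: one known and one unknown address.
$accounts = ['editor@example.org'];
foreach (['editor@example.org', 'nobody@example.org'] as $email) {
    $start = hrtime(true);
    $message = handleResetRequest($email, $accounts);
    $elapsedMs = (hrtime(true) - $start) / 1e6;
    printf("%-20s %8.1f ms  %s\n", $email, $elapsedMs, $message);
}
```

The jitter adds noise to each measurement rather than removing the underlying difference, so it works best alongside rate limiting on the reset endpoint.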