Skip to content
Snippets Groups Projects
Commit 79260b2d authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader
Browse files

[SECURITY] Deny authentication bypass using blowfish/md5 encryption 

Using password hashing methods that are related by class inheritance
can lead to authentication bypass by just knowing a valid username.

Resolves: #84703
Releases: master, 8.7, 7.6
Security-Commit: 2951c4fc0529ec0fd6047786edd3b7189428e574
Security-Bulletin: TYPO3-CORE-SA-2018-001
Change-Id: I859a20c85305291e1cd79b61e630bbbfc4e0568a
Reviewed-on: https://review.typo3.org/57557


Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
parent 2695c32f
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment