[TASK] Introduce sudo mode for install tool accessed via backend (7af1bf4f) · Commits · TYPO3 / TYPO3.CMS

Commit 7af1bf4f authored 4 years ago by

Oliver Hader Committed by Oliver Hader 4 years ago

[TASK] Introduce sudo mode for install tool accessed via backend

The session expiration time for the install tool is reduced from
60 to 15 minutes. When accessing the install tool via backend user
interface, currently logged in backend users have to confirm their
user password again in order to get access to the install tool.
This process is known as "sudo mode".

Standalone install tool is not affected by sudo mode confirmation.
This change enforces mitigation as mentioned in TYPO3-CORE-SA-2020-006,
see https://typo3.org/security/advisory/typo3-core-sa-2020-006.

Resolves: #92836
Releases: master, 10.4, 9.5
Change-Id: Ib4f0e92346610879347a48587ffd575429b98650
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66630


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

parent 5074e96f

Branches