Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SECURITY] Deny authentication bypass using blowfish/md5 encryption
Using password hashing methods that are related by class inheritance can lead to authentication bypass by just knowing a valid username. Resolves: #84703 Releases: master, 8.7, 7.6 Security-Commit: 17853c536776b6a7332b05b1e10385f4d87868ae Security-Bulletin: TYPO3-CORE-SA-2018-001 Change-Id: If7a13d3699e217d7d853886b93b84b46f7e22b11 Reviewed-on: https://review.typo3.org/57543 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
- Loading branch information