Bug #31407

Task #49162: Rewrite install tool

Admin user creation function uses hardcoded md5() for password

Added by Markus Klein almost 4 years ago. Updated about 2 years ago.

Status:Resolved Start date:2011-10-30
Priority:Must have Due date:
Assigned To:- % Done:

100%
Category:Install Tool Spent time: -
Target version:-
TYPO3 Version:4.6 Is Regression:
PHP Version: Sprint Focus:
Complexity:medium

Description

The Install Tool function for creating an admin user uses hardcoded md5() for the associated password.
This does not work together with rsaauth/saltedpasswords.

typo3/sysext/install/mod/tx_install.php, line 6082:

$insertFields = array(
    'username' => $username,
    'password' => md5($pass),
    'admin' => 1,
    'uc' => '',
    'fileoper_perms' => 0,
    'tstamp' => $GLOBALS['EXEC_TIME'],
    'crdate' => $GLOBALS['EXEC_TIME']
);

Related issues

related to Core - Bug #31397: Check for default password of admin account no longer wor... Closed 2011-10-29
related to Core - Feature #50612: Create BE-user in installation wizard (123 step) with a s... Resolved 2013-08-26
duplicated by Core - Bug #39350: Create a admin user with hashed password in Install Tool Closed 2012-07-28

Associated revisions

Revision d7ad41f5
Added by Wouter Wolters about 2 years ago

[FEATURE] Create BE-user in Install Tool with a salted password

Introduce the possibility to salt the password when creating
a new Backend User in the Install Tool. When Saltedpasswords
is installed and backend usage is enabled the password will
be salted with saltedpasswords. Otherwise the md5 hashing method
is still used.

Change-Id: I30b2fab2c4158c878e849f061f0d464b501b62bc
Resolves: #31407
Releases: 6.2
Reviewed-on: https://review.typo3.org/22676
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes

History

#1 Updated by Xavier Perseguers over 3 years ago

  • Target version changed from 4.6.1 to 4.6.2

#2 Updated by Mario Rimann over 3 years ago

What's the proposed change to get this solved?

#3 Updated by Xavier Perseguers over 3 years ago

  • Target version deleted (4.6.2)

#4 Updated by Markus Klein over 3 years ago

I guess we need to access saltedpasswords somehow.

#5 Updated by Gerrit Code Review about 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22676

#6 Updated by Gerrit Code Review about 2 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22676

#7 Updated by Wouter Wolters about 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#8 Updated by Christian Kuhn about 2 years ago

  • Parent task set to #49162

Also available in: Atom PDF