[TYPO3-core] Feature request: Remove password from content of notification emails
Andreas Otto
andreas.otto at dkd.de
Fri May 18 10:21:31 CEST 2007
Hi Dmitry,
Dmitry Dulepov wrote:
> At least it is harder and requires computation power because you cannot
> guess even password length. As the last resort we can say that "last 10
> md5 digits were...", etc
Changed in trunk:
If TYPO3 is configured to send a notification email about install tool
logins this email discloses the used password if the login fails. Since
this behaviour might not be wanted only the last 5 characters of the md5
hash of the used password are disclosed.
Cheers,
Andreas
More information about the TYPO3-team-core
mailing list