[TYPO3-core] Access denied for old security bug

Ernesto Baschny ernesto.baschny at typo3.org
Thu Jun 13 10:34:05 CEST 2013


Christian Weiske wrote on 12.06.2013 21:06:
> Hi,
> 
> 
> I'm trying to fix the TYPO3 OpenID login[1] and wonder why some of the
> code in OpenidService.php is written the way it is written.
> 
> The commit is 275af93a, and the commit message says:
>> Fixed bug #13146: Authentication Bypass in TYPO3 Core (OpenID)
>> http://bugs.typo3.org/view.php?id=13146
> 
> Now I don't understand why this function is needed at all - but I get
> "access denied" when trying to open the bug details.
> 
> Could someone please lift the access restrictions?
> 
> It's 3 years later now, and I don't think it should be closed anymore.
> 
> 
> [1] http://forge.typo3.org/issues/25322

The issue's text and notes contain private and sensitive information
(OpenIDs from developers etc.). This is the reason not to open up the
issue to the public.

The relevant public information can be read in the sec bulletin:

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-001/

If you have any specific questions about the OpenidService.php class
itself, just ask here in the mailing list and I am confident that you'll
get the answers you need. Dmitry will most probably be the one that
knows the code best.


Regards,
Ernesto

-- 
Ernesto Baschny
TYPO3 CMS Core Developer
Release Manager TYPO3 4.5 & 6.2 LTS

TYPO3 .... inspiring people to share!
Get involved: typo3.org

