[SECURITY] Information Disclosure in the Configuration Module
authorMario Rimann <mario.rimann@typo3.org>
Wed, 15 Aug 2012 10:18:35 +0000 (12:18 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:18:38 +0000 (12:18 +0200)
commit829e391df75bf50b58502e0dd9b576a88d03aed3
tree72ae6d05fb285d1d5c0b71d20bb6d83b2fbc0420
parentdc6529c3dddd439228497c1fb6f91de6cea75cb0
[SECURITY] Information Disclosure in the Configuration Module

The configuration module showed the encryption key as plaintext.
For this view, the encryption key is masked and it's length is
shown instead, e.g. "***** (length: 96 characters)"

Change-Id: I8ed5ee014f686fdf8ff527c0b569218c51a9bcaa
Fixes: #39345
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 585cf4f52ff4e946f31371f4cb6fde33d398d4d4
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13748
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/lowlevel/config/index.php