Commit 055bef5d authored by Helmut Hummel's avatar Helmut Hummel Committed by Oliver Hader

[SECURITY] Avoid logging sensitive information during authentication

To avoid writing sensitive information to the logging framework during
authentication, the affected messages are now logged at level DEBUG.

Resolves: #88230
Releases: master, 9.5
Security-Commit: 625428b6364308f9f07f331bd176110d01e6c2f2
Security-Bulletin: TYPO3-CORE-SA-2019-010
Change-Id: I3e19afad6937515e0f6e1ab0a1c6d7004d182b79
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60703

Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent bba64ab9
......@@ -793,14 +793,14 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
$logData = [
'loginData' => $loginData
];
$this->logger->warning('Login failed', $logData);
$this->logger->debug('Login failed', $logData);
}
if (!empty($tempuserArr)) {
$logData = [
$this->userid_column => $tempuser[$this->userid_column],
$this->username_column => $tempuser[$this->username_column],
];
$this->logger->warning('Login failed', $logData);
$this->logger->debug('Login failed', $logData);
}
}
}
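Review bot: The first changed call still passes the whole `$loginData` array to the logger, so the submitted credentials are written out as soon as DEBUG logging is enabled for this component; lowering the level narrows the exposure but does not remove it. Filtering the credential fields before the array is built would close it at any level, e.g. `$logData = ['loginData' => array_diff_key($loginData, array_flip($sensitiveKeys))];`, where `$sensitiveKeys` is a placeholder for the password-carrying fields this class defines. The second call logs only the user id and username columns, and moving it to DEBUG as well means failed logins no longer appear in logs at default levels, which (if nothing else records them) weakens brute-force detection; that call could stay at `warning`. The enclosing method begins and ends outside this hunk, so whether `$loginData` is already reduced earlier cannot be seen here.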
......