typo3/sysext/backend/Classes/Form/FieldControl/LinkPopup.php · 85d3e70dff35a99ef53f4b561114acfa9e5c47e1 · typo3 / typo3

[SECURITY] Avoid ambiguous HMAC results · 85d3e70d

ohader authored Jul 28, 2020 and

ohader committed Jul 28, 2020

Cryptographic hashes being calculated from and for query
parameters must only be used for a specific use-case or
scope in order to avoid resulting hashes being ambiguous.

Resolves: #91689
Releases: master, 10.4, 9.5
Change-Id: I59ca16fe71e27195b98a822607aab564425d248d
Security-Bulletin: TYPO3-CORE-SA-2020-008
Security-References: CVE-2020-15098
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65125


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

85d3e70d