Описание
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated.
Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password.
Ссылки
- https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81
- https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a
- https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285
- https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml
- https://www.silverstripe.org/download/security-releases/ss-2016-008
Пакеты
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.1.19-rc1, < 3.1.20
3.1.20
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.2.4-rc1, < 3.2.5
3.2.5
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.3.2-rc1, < 3.3.3
3.3.3
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.4.0-rc1, < 3.4.1
3.4.1