tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
silverstripe-framework/security
History
Serge Latyntcev a86093fee6 [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 10:57:40 +12:00
..
Authenticator.php
FIX Authenticators are more resilient to incomplete configuration
2017-09-12 15:57:03 +01:00
BasicAuth.php
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
ChangePasswordForm.php
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
2016-08-15 15:51:53 +12:00
CMSMemberLoginForm.php
Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin
2016-08-12 14:10:56 +12:00
CMSSecurity.php
Merge branch '3.2' into 3.3
2016-11-18 11:32:36 +00:00
Group.php
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
GroupCsvBulkLoader.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
LoginAttempt.php
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
LoginForm.php
Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
2017-09-20 11:39:39 +01:00
Member.php
Merge branch '3.5' into 3.6
2018-06-05 16:30:20 +01:00
MemberAuthenticator.php
Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
2017-09-20 11:39:39 +01:00
MemberCsvBulkLoader.php
parse the string to be converted to group codes.
2015-12-02 10:01:25 +05:30
MemberLoginForm.php
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
MemberPassword.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
PasswordEncryptor.php
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
PasswordValidator.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Permission.php
BUG fix CMS_ACCESS permission being ignored if in incorrect order in array
2016-06-28 17:45:15 +12:00
PermissionCheckboxSetField.php
DOCS Fixing docs (and bad API usage)
2015-07-20 16:42:33 +01:00
PermissionFailureException.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
PermissionProvider.php
FIX Remove instances of lines longer than 120c
2012-09-30 17:18:13 +13:00
PermissionRole.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
PermissionRoleCode.php
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-16 11:59:21 +12:00
RandomGenerator.php
Allow RandomGenerator to use random_bytes() in PHP 7
2017-04-05 11:05:28 +10:00
Security.php
[CVE-2019-12203] Session fixation in "change password" form
2019-09-24 10:57:40 +12:00
SecurityToken.php
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00