silverstripe-framework/security
Serge Latyntcev a86093fee6 [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
the victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 10:57:40 +12:00
Authenticator.php FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
BasicAuth.php Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
ChangePasswordForm.php [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 2016-08-15 15:51:53 +12:00
CMSMemberLoginForm.php Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin 2016-08-12 14:10:56 +12:00
CMSSecurity.php Merge branch '3.2' into 3.3 2016-11-18 11:32:36 +00:00
Group.php Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
GroupCsvBulkLoader.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
LoginAttempt.php [ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
LoginForm.php Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack 2017-09-20 11:39:39 +01:00
Member.php Merge branch '3.5' into 3.6 2018-06-05 16:30:20 +01:00
MemberAuthenticator.php Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack 2017-09-20 11:39:39 +01:00
MemberCsvBulkLoader.php parse the string to be converted to group codes. 2015-12-02 10:01:25 +05:30
MemberLoginForm.php Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
MemberPassword.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
PasswordEncryptor.php Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
PasswordValidator.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Permission.php BUG fix CMS_ACCESS permission being ignored if in incorrect order in array 2016-06-28 17:45:15 +12:00
PermissionCheckboxSetField.php DOCS Fixing docs (and bad API usage) 2015-07-20 16:42:33 +01:00
PermissionFailureException.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
PermissionProvider.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
PermissionRole.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
PermissionRoleCode.php API Revert DataObject::validate to 3.1 method signature (protected) 2015-06-16 11:59:21 +12:00
RandomGenerator.php Allow RandomGenerator to use random_bytes() in PHP 7 2017-04-05 11:05:28 +10:00
Security.php [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 10:57:40 +12:00
SecurityToken.php Remove all redundant whitespace 2014-08-19 09:17:15 +12:00