silverstripe-framework/src/Security
Serge Latyntcev eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
the victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Confirmation FIX Confirmation components to respect SS_BASE_URL (#9074) 2019-07-05 16:05:41 +12:00
MemberAuthenticator [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:03:48 +12:00
AuthenticationHandler.php Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
AuthenticationMiddleware.php FIX: Removed unnecessary database_is_ready call. 2017-08-25 13:06:12 +12:00
Authenticator.php API Refactor bootstrap, request handling 2017-06-22 22:50:45 +12:00
BasicAuth.php Merge remote-tracking branch 'origin/4.0' into 4 2018-01-22 14:57:05 +13:00
BasicAuthMiddleware.php API Shift basic auth checking into middleware 2017-12-20 11:39:04 +13:00
CMSSecurity.php Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
DefaultAdminService.php FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
DefaultPermissionChecker.php API Implement InheritedPermission calculator (#6877) 2017-05-11 21:07:27 +12:00
Group.php Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group 2019-08-30 09:51:52 +12:00
GroupCsvBulkLoader.php Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
IdentityStore.php Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
InheritedPermissionFlusher.php Cache warming in InheritedPermissions::getCachePermissions() 2017-12-12 09:01:43 +13:00
InheritedPermissions.php Fix administrators not being able to see files that are restricted to groups 2019-09-23 16:44:28 +12:00
InheritedPermissionsExtension.php API Implement InheritedPermission calculator (#6877) 2017-05-11 21:07:27 +12:00
LoginAttempt.php Merge branch '4.2' into 4 2018-10-03 15:28:05 +02:00
LoginForm.php FIX Handle falsy return value when setting form field value in setAuthenticatorClass() 2019-02-01 19:39:15 +03:00
LogoutForm.php NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Member_GroupSet.php MINOR Reduce some code complexity, update array syntax and injected SQLSelect etc 2018-09-27 16:40:23 +02:00
Member_Validator.php Update code style and fix tests 2017-10-30 17:34:15 +13:00
Member.php FIX Member::changePassword() no longer applies password validation rules to the hashed value 2019-08-16 09:06:07 +12:00
MemberCsvBulkLoader.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
MemberPassword.php API Update DefaultAdmin services 2017-06-15 15:53:57 +12:00
NullSecurityToken.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_Blowfish.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_EncryptionFailed.php NEW: Move code files into src/ folder. 2016-11-01 13:37:24 +13:00
PasswordEncryptor_LegacyPHPHash.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_MySQLOldPassword.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_MySQLPassword.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_None.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor_NotFoundException.php NEW: Move code files into src/ folder. 2016-11-01 13:37:24 +13:00
PasswordEncryptor_PHPHash.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PasswordEncryptor.php BUG Prevent invalid members being written to database if validation_enabled is false 2018-02-01 16:24:31 +13:00
PasswordValidator.php Fix password validation min length message 2019-05-13 13:43:29 +12:00
Permission_Group.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
Permission.php Implement feedback on PSR-19 compatibility 2019-01-30 11:57:17 +13:00
PermissionCheckboxSetField_Readonly.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PermissionCheckboxSetField.php Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
PermissionChecker.php API Implement InheritedPermission calculator (#6877) 2017-05-11 21:07:27 +12:00
PermissionFailureException.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PermissionProvider.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PermissionRole.php Ran upgrader for lang files 2017-04-28 14:59:42 +12:00
PermissionRoleCode.php FIX Replace deprecated %s placeholders in translations with named placeholders 2017-08-02 13:03:55 +12:00
RandomGenerator.php Alter deprecation version numbers 2018-11-06 00:07:24 +13:00
RememberLoginHash.php Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
RequestAuthenticationHandler.php FIX Move Member log out extension points to non-deprecated methods 2017-11-02 11:39:02 +13:00
Security.php Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
SecurityToken.php FIX Allow the current controller as well as injectable HTTPRequest objects 2017-12-12 16:35:53 +13:00