silverstripe-framework/src/Security/MemberAuthenticator
Serge Latyntcev eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
the victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
ChangePasswordForm.php API Refactor bootstrap, request handling 2017-06-22 22:50:45 +12:00
ChangePasswordHandler.php [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:03:48 +12:00
CMSLoginHandler.php BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
CMSMemberAuthenticator.php BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
CMSMemberLoginForm.php API LoginForm::authentiator_class is now deprecated, use getters or setters instead 2019-02-01 19:39:15 +03:00
CookieAuthenticationHandler.php NEW Option for secure "remember me" cookie 2018-07-30 16:41:49 +01:00
LoginHandler.php Update requesthandlers with missing extension points 2018-03-23 15:28:00 +13:00
LogoutHandler.php Revert "ENHANCEMENT Add config var to skip confirm logout (#7977)" 2018-04-04 13:51:18 +01:00
LostPasswordForm.php BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
LostPasswordHandler.php FIX remove personal information from password reset confirmation screen 2018-07-05 14:19:15 +12:00
MemberAuthenticator.php [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
MemberLoginForm.php API LoginForm::authentiator_class is now deprecated, use getters or setters instead 2019-02-01 19:39:15 +03:00
SessionAuthenticationHandler.php [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:03:48 +12:00