Skip to content

Commit

Permalink
[SECURITY] Avoid logging sensitive information during authentication
Browse files Browse the repository at this point in the history 
In order to avoid logging sensitive information during authentication
using the logging framework, according log level DEBUG is used.

Resolves: #88230
Releases: master, 9.5
Security-Commit: d5a371043f9e52a6f614bc0e15f828988b1aba61
Security-Bulletin: TYPO3-CORE-SA-2019-010
Change-Id: I7bcd365b25733ceb95ee03c80280f90447381184
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60698
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
  • Loading branch information
@helhum @ohader
helhum authored and ohader committed May 7, 2019
1 parent fb55c72 commit ac0565b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Classes/Authentication/AbstractUserAuthentication.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -794,14 +794,14 @@ public function checkAuthentication()
$logData = [
'loginData' => $loginData
];
$this->logger->warning('Login failed', $logData);
$this->logger->debug('Login failed', $logData);
}
if (!empty($tempuserArr)) {
$logData = [
$this->userid_column => $tempuser[$this->userid_column],
$this->username_column => $tempuser[$this->username_column],
];
$this->logger->warning('Login failed', $logData);
$this->logger->debug('Login failed', $logData);
}
}
}
Expand Down

0 comments on commit ac0565b

Please # to comment.