From ac0565b7a539398a07adf21f04f85cd2574817d2 Mon Sep 17 00:00:00 2001
From: Helmut Hummel <typo3@helhum.io>
Date: Tue, 7 May 2019 11:42:53 +0200
Subject: [PATCH] [SECURITY] Avoid logging sensitive information during
 authentication

In order to avoid logging sensitive information during authentication
using the logging framework, according log level DEBUG is used.

Resolves: #88230
Releases: master, 9.5
Security-Commit: d5a371043f9e52a6f614bc0e15f828988b1aba61
Security-Bulletin: TYPO3-CORE-SA-2019-010
Change-Id: I7bcd365b25733ceb95ee03c80280f90447381184
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60698
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 Classes/Authentication/AbstractUserAuthentication.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Classes/Authentication/AbstractUserAuthentication.php b/Classes/Authentication/AbstractUserAuthentication.php
index 6adf0fb723..515798a503 100644
--- a/Classes/Authentication/AbstractUserAuthentication.php
+++ b/Classes/Authentication/AbstractUserAuthentication.php
@@ -794,14 +794,14 @@ public function checkAuthentication()
                     $logData = [
                         'loginData' => $loginData
                     ];
-                    $this->logger->warning('Login failed', $logData);
+                    $this->logger->debug('Login failed', $logData);
                 }
                 if (!empty($tempuserArr)) {
                     $logData = [
                         $this->userid_column => $tempuser[$this->userid_column],
                         $this->username_column => $tempuser[$this->username_column],
                     ];
-                    $this->logger->warning('Login failed', $logData);
+                    $this->logger->debug('Login failed', $logData);
                 }
             }
         }