[LPS-54382] Insecure handling of authentication information in 6.2.2 - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Duplicate
Affects Version/s: 6.2.2 CE GA3
Fix Version/s: None
Component/s: Application Security, Application Security > NTLM, Security Vulnerability, Workflow
Labels:
- cst-patch

Description

This ticket covers various issues in the way the portal handles authentication information in Liferay Portal 6.2 CE GA3 that are addressed by the CST patch, including:

Passwords are transmitted to the user unnecessarily
Browsers may save answers to reminder questions

Attachments

Activity

People

Assignee:

Samuel Kong

Reporter:

Samuel Kong

Participants of an Issue:

Samuel Kong

Recent user:

Esther Sanz

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

18/Mar/15 7:37 PM

Updated:

02/Dec/15 4:39 AM

Resolved:

23/Mar/15 9:03 PM

Days since last comment:

5 years, 11 weeks, 6 days ago

Packages

Version	Package