Propose new features
Designing Decidim together
Change "change password" process to make user retype current password
Is your feature request related to a problem? Please describe.
If a user has a session open, anyone can change their password without typing current password.
Describe the solution you'd like
In the change password request, have a mandatory 'current password' field to avoid any identity theft.
Describe alternatives you've considered
Change password via mail link?
Could this issue impact users' private data?
Yes, with shared computers or open sessions, their password can be changed.
Funded by
No funding available
This proposal has been accepted because:
Bug fixed via https://github.com/decidim/decidim/pull/11737
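The control requested in this proposal, sketched as an added example; it is not part of the proposal and is not Decidim's code (the actual fix is in the pull request linked above). The `Account` class, its method names and the result symbols are hypothetical, and the passwords in the usage are constructed. The current password is checked before anything else, so an open session alone is not enough to set a new one.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory account model (assumption; not Decidim's User class).
class Account
  ITERATIONS = 10_000 # constructed value for the sample, not a recommendation

  def initialize(password)
    store(password)
  end

  # True only when the candidate matches the stored salted hash.
  def valid_password?(candidate)
    return false if candidate.nil? || candidate.empty?
    secure_equal?(digest(candidate, @salt), @hash)
  end

  # Returns :ok, or a symbol naming why the change was refused.
  # The current password is verified first: a request coming from an
  # unattended but authenticated session fails here and changes nothing.
  def change_password(current_password:, new_password:, confirmation:)
    return :current_password_invalid unless valid_password?(current_password)
    return :confirmation_mismatch unless new_password == confirmation
    return :unchanged if valid_password?(new_password)
    store(new_password)
    :ok
  end

  private

  # A fresh salt on every change, so old and new hashes share nothing.
  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @hash = digest(password, @salt)
  end

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new("SHA256"))
  end

  # Comparison whose running time does not depend on where the bytes differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```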