Skip to main content

Cookie settings

We use cookies to ensure the basic functionalities of the website and to enhance your online experience. You can choose for each category to opt-in/out whenever you want.

Essential

Preferences

Analytics and statistics

Marketing

This proposal has been implemented

Change "change password" process to make user retype current password

Avatar: Antoine Billard Antoine Billard Main repo (merged)

Is your feature request related to a problem? Please describe.
If a user has a session open, anyone can change their password without typing current password.

Describe the solution you'd like
In the change password request, either have the mandatory field 'current password' to avoid any identify theft

Describe alternatives you've considered
Change password via Mail link ?

Does this issue could impact on users private data?
Yes , if shared computers or opened sessions, their password can be changed.

Funded by
No funding available

Comment

Confirm

Please log in

The password is too short.

Share