Help

Meetings

Activity

Home Activity Log in

This proposal has been implemented

Bug fixed via https://github.com/decidim/decidim/pull/11737

Change "change password" process to make user retype current password

Antoine Billard 13/09/2022 13:57

Finished

Is your feature request related to a problem? Please describe.
If a user has a session open, anyone can change their password without typing current password.

Describe the solution you'd like
In the change password request, either have the mandatory field 'current password' to avoid any identify theft

Describe alternatives you've considered
Change password via Mail link ?

Does this issue could impact on users private data?
Yes , if shared computers or opened sessions, their password can be changed.

Funded by
No funding available

Comment

Comment details

Best rated

Recent

Older

Most discussed

You are seeing a single comment

View all comments

Decidim Product

over 1 year Edited

Hi @AntoineBIllard, thanks for the proposal. We actually reported it as a bug here: https://github.com/decidim/decidim/issues/9859

Reference: MDC-PROP-2022-09-17111
Version number 3 (of 3) see other versions

Essential

Preferences

Analytics and statistics

Marketing

Change "change password" process to make user retype current password

Please log in

Cookie settings

Essential

Preferences

Analytics and statistics

Marketing

Change "change password" process to make user retype current password

Confirm

Please log in

Share