Change "change password" process to make user retype current password
Is your feature request related to a problem? Please describe.
If a user has a session open, anyone can change their password without typing current password.
Describe the solution you'd like
In the change password request, either have the mandatory field 'current password' to avoid any identity theft
Describe alternatives you've considered
Change password via mail link?
Could this issue impact users' private data?
Yes, if shared computers or opened sessions, their password can be changed.
No funding available
This proposal is being evaluated
Being fixed at https://github.com/decidim/decidim/issues/9859
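The difference the proposal asks for, as an added Ruby example that is not Decidim's or Devise's code: a session-only password change beside one that re-checks the current password. The `Account` class, its method names and the low iteration count are assumptions made for the illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical minimal account model, constructed for this example.
class Account
  ITERATIONS = 10_000 # constructed value, kept low so the example runs fast

  def initialize(password)
    store(password)
  end

  # Re-derive the digest and compare it without leaking timing information.
  def valid_password?(candidate)
    OpenSSL.fixed_length_secure_compare(derive(candidate.to_s, @salt), @digest)
  end

  # "Before": an open session alone is enough to set a new password,
  # so anyone at an unattended browser can take over the account.
  def change_password_session_only(new_password)
    store(new_password)
    true
  end

  # "After": the request must also carry the current password.
  # Returns false and leaves the stored credential untouched on failure.
  def change_password(current_password:, new_password:)
    return false unless valid_password?(current_password)
    return false if new_password.to_s.empty?

    store(new_password)
    true
  end

  private

  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password, @salt)
  end

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
end
```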
Hi @AntoineBIllard, thanks for the proposal. We actually reported it as a bug here: https://github.com/decidim/decidim/issues/9859