Change "change password" process to make user retype current password

Is your feature request related to a problem? Please describe.
If a user has a session open, anyone can change their password without typing current password.

Describe the solution you'd like
In the change password request, either have the mandatory field 'current password' to avoid any identify theft

Describe alternatives you've considered
Change password via Mail link ?

Does this issue could impact on users private data?
Yes , if shared computers or opened sessions, their password can be changed.

Funded by
No funding available