Feature #99611

open

Require current password in ext:setup on password change

Added by Torben Hansen over 1 year ago. Updated about 2 months ago.

Status: New
Priority: Should have
Assignee:
Category: -
Target version:
Start date: 2023-01-18
Due date:
% Done: 0%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

When a backend user wants to change the password, it is currently not required to enter the current password. From a security perspective, a current password verification should be implemented (see https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#change-password-feature).

Actions #1

Updated by Torben Hansen over 1 year ago

For editor users, this feature is already implemented. The field is just not visible if the current backend user is in switch user mode.
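A sketch of the server-side check discussed in the description and in note #1, added here as an illustration and not taken from TYPO3 or ext:setup. The function name, the form field names and the rule that only a switch-user session may skip the check are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added example in plain PHP; all names are hypothetical, not TYPO3 API.

/**
 * @param string $storedHash    hash currently stored for the account
 * @param array  $form          submitted fields (assumed names: passwordCurrent, password, password2)
 * @param bool   $impersonating taken from the server-side session, never from the request
 * @return array{ok: bool, error: ?string, newHash: ?string}
 */
function handlePasswordChange(string $storedHash, array $form, bool $impersonating): array
{
    $fail = static fn(string $e): array => ['ok' => false, 'error' => $e, 'newHash' => null];

    $new = (string)($form['password'] ?? '');
    if ($new === '' || $new !== (string)($form['password2'] ?? '')) {
        return $fail('new_password_mismatch');
    }

    // Assumption: an impersonating admin does not know the user's password, so
    // only this server-side flag may waive the check. A missing or empty
    // passwordCurrent field in a normal session is a failure, not a bypass.
    if (!$impersonating) {
        $current = (string)($form['passwordCurrent'] ?? '');
        if ($current === '' || !password_verify($current, $storedHash)) {
            return $fail('current_password_invalid');
        }
    }

    return ['ok' => true, 'error' => null, 'newHash' => password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample data for the four cases.
$stored = password_hash('old-secret', PASSWORD_DEFAULT);
$newPw  = ['password' => 'new-secret', 'password2' => 'new-secret'];
$cases  = [
    'correct current password'   => [$newPw + ['passwordCurrent' => 'old-secret'], false],
    'wrong current password'     => [$newPw + ['passwordCurrent' => 'guess'], false],
    'field omitted from request' => [$newPw, false],
    'switch-user session'        => [$newPw, true],
];
foreach ($cases as $label => [$form, $switched]) {
    $result = handlePasswordChange($stored, $form, $switched);
    printf("%-28s %s\n", $label, $result['ok'] ? 'changed' : 'rejected: ' . $result['error']);
}
```

The third case is the one to test for: hiding the field in the form is presentation only, so the handler must reject a request that simply leaves it out.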

Actions #2

Updated by Benni Mack about 1 year ago

  • Target version changed from 12 LTS to Candidate for Major Version

Actions #3

Updated by Torben Hansen about 2 months ago

  • Assignee changed from Torben Hansen to Oliver Hader
  • Target version changed from Candidate for Major Version to 13 LTS