Project

General

Profile

Actions

Feature #99611

open

Require current password in ext:setup on password change

Added by Torben Hansen over 1 year ago. Updated 3 months ago.

Status:
New
Priority:
Should have
Assignee:
Category:
-
Target version:
Start date:
2023-01-18
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

When a backend user want to change the password, it is currently not required to enter the current password. From a security perspective, a current password verification should be implemented (see https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#change-password-feature).

Actions #1

Updated by Torben Hansen over 1 year ago

For editor users, this feature is already implemented. The field is just not visible, if the current backend user is in switch user mode.

Actions #2

Updated by Benni Mack about 1 year ago

  • Target version changed from 12 LTS to Candidate for Major Version
Actions #3

Updated by Torben Hansen 3 months ago

  • Assignee changed from Torben Hansen to Oliver Hader
  • Target version changed from Candidate for Major Version to 13 LTS
Actions

Also available in: Atom PDF