Actions
Feature #99611
open
Require current password in ext:setup on password change
Status:
New
Priority:
Should have
Assignee:
Category:
Authentication
Target version:
Start date:
2023-01-18
Due date:
% Done:
0%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:
Description
When a backend user want to change the password, it is currently not required to enter the current password. From a security perspective, a current password verification should be implemented (see https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#change-password-feature).
Updated by Torben Hansen almost 2 years ago
For editor users, this feature is already implemented. The field is just not visible, if the current backend user is in switch user mode.
Updated by Benni Mack over 1 year ago
- Target version changed from 12 LTS to Candidate for Major Version
Updated by Torben Hansen 9 months ago
- Assignee changed from Torben Hansen to Oliver Hader
- Target version changed from Candidate for Major Version to 13 LTS
Updated by
Updated by Benni Mack about 1 month ago
- Target version changed from 13 LTS to Candidate for Major Version
Actions