Feature #99611: Require current password in ext:setup on password change - TYPO3 Core - TYPO3 Forge

Actions

Feature #99611

open

Require current password in ext:setup on password change

Added by Torben Hansen almost 2 years ago. Updated about 1 month ago.

Status:

New

Priority:

Should have

Assignee:

Category:

Authentication

Target version:

Candidate for Major Version

Start date:

2023-01-18

Due date:

% Done:

0%

Estimated time:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

When a backend user want to change the password, it is currently not required to enter the current password. From a security perspective, a current password verification should be implemented (see https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#change-password-feature).

Actions

Also available in: Atom PDF