#812: change password without entering old
------------------------+--------------------
Reporter: tim | Owner: nobody
Type: defect | Status: new
Priority: minor | Milestone:
Component: siteadmin | Version:
Resolution: | Keywords:
------------------------+--------------------
Comment (by rjollos):
Replying to [ticket:812 tim]:
> Should this be considered a security issue? Perhaps an admin shouldn't
be able to change their own password through the admin panel without
entering their own old password? Or is it a non-issue?
The issue is worth discussing at least. The behavior is implemented by the
[th:AccountManagerPlugin], so I suggest opening a ticket for the plugin
and seeing what the author has to say about the issue.
--
Ticket URL: <https://issues.apache.org/bloodhound/ticket/812#comment:1>
Apache Bloodhound <https://issues.apache.org/bloodhound/>
The Apache Bloodhound issue tracker
