** Changed in: mahara
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org
** Also affects: mahara/18.10
Importance: Undecided
Status: New
** Changed in: mahara/18.10
Milestone: None => 18.10.0
** Changed in: mahara/18.10
Importance: Undecided => Medium
** Changed in: mahara/18.10
Status: New => Fix Committed
--
You received this bug
** Changed in: mahara
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum
Because of the fact a user can SSO in and so they do not have a valid
password in Mahara itself we can't force them to re-enter their password
to do the following:
1. Changing your username
2. Changing your primary email address (because this can make it impossible to
recover your password)
3.
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000141
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or
A problem here is if the user logged in via SSO they don't have/know a
password in Mahara
** Changed in: mahara
Milestone: 17.10.0 => 18.04.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions:
** Changed in: mahara
Milestone: 17.04.0 => None
** Changed in: mahara
Milestone: None => 17.10.0
** Changed in: mahara
Importance: Low => Medium
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching
** Changed in: mahara
Milestone: 16.10.1 => 17.04.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Milestone: 16.10.0 => 16.10.1
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Milestone: 16.04.0 => 16.10.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Milestone: 15.10.0 => 16.04.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
Indeed, if we wanted to be more secure, we could consider asking for
password, and/or sending out email notifications, when certain user
actions take place. I think maybe a good rule of thumb, is any action
that can prevent you from being able to log in. So that would be:
1. Changing your
12 matches
Mail list logo