fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ippez Roberts (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FINERACT-516) Add current password field to prevent unauthorized users from changing password of the current user #2428
Date Mon, 28 Aug 2017 06:51:00 GMT

    [ https://issues.apache.org/jira/browse/FINERACT-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16143445#comment-16143445
] 

Ippez Roberts commented on FINERACT-516:
----------------------------------------

@Santosh Math, I don't think it was raised before but @Nikhil Pawar was trying to do an enhancement
which he felt should be the right system behavior for password update.

> Add current password field to prevent unauthorized users from changing password of the
current user #2428
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: FINERACT-516
>                 URL: https://issues.apache.org/jira/browse/FINERACT-516
>             Project: Apache Fineract
>          Issue Type: Improvement
>          Components: User Management
>            Reporter: Santosh Math
>            Assignee: Markus Geiss
>              Labels: p2
>         Attachments: 29419719-81d3d36a-8378-11e7-9ad4-20074c6627cd.png
>
>
> Reported by Nenge1
> Link,
> Mifos dropdown->profile>change password (check the screenshot)
> Allowing user to enter only new password increase vulnerability because the username
is visible.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message