[THREESCALE-6648] Add the current password to the password update form - Red Hat Issue Tracker

XML

Word

Printable

Details

Type: Feature Request
Status: To Develop (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: SaaS, 2.9.1 GA
Fix Version/s: None
Component/s: System
Labels:

Target Release:

2.12.0 CR1

Description

The password update form on the developer portal doesn't require entering the previous password thus representing a vulnerability threat.

A pending session enable a malicious user to change the credentials of an account without any oblstacle.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Carlo Palmieri

Designer:: June Zhang

Tester:: Jakub Smolár

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/Jan/29 10:56 AM

Updated:: 2021/Dec/22 6:33 AM