  1. Red Hat 3scale API Management
  2. THREESCALE-6648

Require the current password on the password update form


    Description

      The password update form on the developer portal doesn't require entering the previous password, thus representing a vulnerability threat.

      A pending session enables a malicious user to change the credentials of an account without any obstacle.

          People

            Unassigned
            rhn-support-cpalmier Carlo Palmieri (Inactive)
            Dominik Hlavac Duran
            June Zhang
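The weakness described in this issue next to the requested behaviour, as an added Ruby example that is not taken from the 3scale code base: the `Account` class, its method names and the in-memory session store are hypothetical. Beyond what the issue asks for, the hardened method also revokes the account's other sessions after a successful change.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory account; every name here is an illustrative assumption.
class Account
  ITERATIONS = 10_000 # kept low so the example runs quickly
  attr_reader :sessions

  def initialize(password)
    @sessions = {}
    store_password(password)
  end

  def login(password)
    return nil unless password_matches?(password)
    token = SecureRandom.hex(16)
    @sessions[token] = true
    token
  end

  # Shape described in the issue: a live session alone is enough.
  def update_password_without_check(session, new_password)
    return false unless @sessions.key?(session)
    store_password(new_password)
    true
  end

  # Requested shape: re-authenticate with the current password, then
  # drop every other session so a left-open one does not survive the change.
  def update_password(session, current_password, new_password)
    return false unless @sessions.key?(session)
    return false unless password_matches?(current_password)
    store_password(new_password)
    @sessions.select! { |token, _| token == session }
    true
  end

  private

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  def store_password(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password, @salt)
  end

  def password_matches?(candidate)
    expected = derive(candidate.to_s, @salt)
    # Constant-time comparison of two equal-length digests.
    expected.bytes.zip(@digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end
```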