View Issue Details
ID: 0004140
Project: SOGo
Category: Web General
View Status: public
Date Submitted: 2017-04-09 12:42
Last Update: 2018-06-13 02:44
Assigned To:
Platform:
OS:
OS Version:
Product Version: 3.2.8
Target Version:
Fixed in Version:
Summary: 0004140: Changing password should require the old password.
Description: If a user wants to change their password, they should be asked about their old password (like on most sites on the web or passwd on Linux).

This prevents quick changes of the password by someone who has access to an unsecured laptop for a few seconds.

The damage can be bigger than just deleting all your E-Mails (I hope the admin makes backups xD), since the password can also be used for other services besides SOGo.
Tags: No tags attached.
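
The control requested in this report, as an added example that is not SOGo code and not part of the original report: a session-only password change next to one that re-verifies the old password. The `Accounts` class, its method names, the in-memory store and the PBKDF2 parameters are hypothetical.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """Constructed in-memory user store standing in for a real backend."""

    def __init__(self):
        self._users = {}     # user -> (salt, password hash)
        self._sessions = {}  # session token -> user

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt))

    def _verify(self, user: str, password: str) -> bool:
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        # Constant-time comparison of the derived hash with the stored one.
        return hmac.compare_digest(_hash(password, salt), stored)

    def login(self, user: str, password: str):
        if not self._verify(user, password):
            return None
        token = os.urandom(16).hex()
        self._sessions[token] = user
        return token

    def change_password_session_only(self, token: str, new: str) -> bool:
        # Behaviour the report objects to: an open session is sufficient.
        user = self._sessions.get(token)
        if user is None:
            return False
        self.set_password(user, new)
        return True

    def change_password(self, token: str, old: str, new: str) -> bool:
        # Requested behaviour: the session alone is not enough; the caller
        # must also prove knowledge of the current password.
        user = self._sessions.get(token)
        if user is None or not self._verify(user, old):
            return False
        self.set_password(user, new)
        return True
```
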

-  Notes
pruje (reporter)
2018-06-13 02:44

I confirm this, I was about to open the same issue.
This is a serious security issue.

I confirm this issue is still there in SOGo 4.0.
Please fix this, guys! Thanks

- Issue History
Date Modified Username Field Change
2017-04-09 12:42 skrupellos New Issue
2018-06-13 02:44 pruje Note Added: 0012917
