|Anonymous | Login | Signup for a new account||2018-06-19 22:08 EDT|
|My View | View Issues | Change Log | Roadmap | Repositories|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004140||SOGo||Web General||public||2017-04-09 12:42||2018-06-13 02:44|
|Target Version||Fixed in Version|
|Summary||0004140: Changing password should require the old password.|
|Description||If a user want's to change their password, they should be asked about their old password (like on most sites in the web or passwd on Linux).|
This prevents quick changes of the password by someone who has access to an unsecured laptop for a few seconds.
The damage can be bigger than just deleting all your E-Mails (I hope the admin makes backups xD), since the password can also be used for other services besides SOGo.
|Tags||No tags attached.|
I confirm this, I was about to open the same issue.
This is a serious security issue.
I confirm this issue is still there in SOGo 4.0.
Please fix this, guys! Thanks
|2017-04-09 12:42||skrupellos||New Issue|
|2018-06-13 02:44||pruje||Note Added: 0012917|
|Copyright © 2000 - 2018 MantisBT Team|