All V3 (Including v3.3.7)
Set “Force password change” on the user edit form
The form to user will be displayed normally:
The issue is that if the user sets the exact same password , there would be no problem… and that’s concerning, as the purpose is to compel users to CHANGE their password.
dan
August 29, 2023, 4:20pm
2
We are forcing a password change, but we’re allowing the same password to be used again, if typed by the user.
I’ve submitted a bug report for that, thanks.
opened 04:19PM - 29 Aug 23 UTC
bug
OP: https://community.xibo.org.uk/t/bug-forcing-password-changes-doesnt-actually… -force-real-password-changes-all-v3-versions/29910
There is reasonable expectation that the new password will be different from the existing one, and so we should validate that. In effect we will be validating that the new password does not generate the same hash as the current one.
1 Like
system
November 28, 2023, 10:20pm
3
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.
