Bug #16548

Password enforcement should require providing the current password when changing password

Added by Dominik Hlavac Duran 9 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assigned To: Dominik Hlavac Duran
Category: Authentication
Target version: Team Marek Iteration 5
Difficulty:
Bugzilla link: 1264137
Found in release:
Pull request: https://github.com/theforeman/foreman/pull/3921
Story points: -
Velocity based estimate: -
Release: 1.14.0
Release relationship: Auto

Description

In Satellite, a password can be changed without providing the previous one. This means one can change the password of other users in the same group.

We need to mandate that the current password be used when attempting to change to a new password.

We need to ensure that the password change activity is logged (password obscured).
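
The two requirements in this description (verify the current password before accepting a new one, and log the change with the password obscured) as a self-contained Ruby sketch. This is an added example, not Foreman's code or the change made in the linked pull request; `Account`, `AUDIT_LOG` and the PBKDF2 parameters are hypothetical stand-ins chosen for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-ins for illustration; not Foreman's User model or audit API.
AUDIT_LOG = [] # constructed in-memory audit sink

class Account
  ITERATIONS = 100_000 # assumed work factor for this example
  attr_reader :login

  def initialize(login, password)
    @login = login
    store(password)
  end

  def authenticate?(password)
    candidate = derive(password.to_s, @salt)
    # Constant-time comparison of two equal-length digests.
    candidate.bytes.zip(@hash.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Refuses the change unless the caller proves knowledge of the current password.
  # A missing or empty current password is treated as a failed check.
  def change_password(current_password:, new_password:)
    unless !current_password.to_s.empty? && authenticate?(current_password)
      audit('password_change_denied')
      return false
    end
    store(new_password)
    audit('password_changed')
    true
  end

  private

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @hash = derive(password, @salt)
  end

  # The event is recorded; the secret itself never reaches the log.
  def audit(action)
    AUDIT_LOG << { user: @login, action: action, password: '[redacted]' }
  end
end
```

Denied attempts are audited as well as successful ones, so repeated failed changes against one account are visible to whoever reviews the log.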


Related issues

Related to Foreman - Bug #16850: Password change activity does not show in Audit log (Closed, 10/10/2016)

Associated revisions

Revision 8aeebc29
Added by Dominik Hlavac Duran 7 months ago

Fixes #16548 - Changing user own passwd require current passwd

History

#1 Updated by Dominik Hlavac Duran 8 months ago

  • Bugzilla link set to 1264137

#2 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3921 added

#3 Updated by Marek Hulán 8 months ago

  • Related to Bug #16850: Password change activity does not show in Audit log added

#4 Updated by Dominik Hlavac Duran 7 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Marek Hulán 7 months ago

  • Target version changed from Team Marek backlog to Team Marek Iteration 5

#6 Updated by Dominic Cleal 7 months ago

  • Release set to 1.14.0
