Bug #16548: Password enforcement should require provide current current password when changing password - Foreman

Bug #16548

Password enforcement should require provide current current password when changing password

Added by Dominik Hlavac Duran about 2 years ago. Updated 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Dominik Hlavac Duran

Category:

Authentication

Target version:

1.14.0

Difficulty:

Triaged:

Bugzilla link:

1264137

Pull request:

https://github.com/theforeman/foreman/pull/3921

Team Backlog:

Fixed in Releases:

Found in Releases:

Description

In Satellite, password can be changed without providing the previous one. This means one can change the password of other users in the same group.

We need to mandate that the current password be used when attempting to change to a new password.

We need to ensure that the password change activity is logged (password obscured)

Related issues

Associated revisions

Revision 8aeebc29 (diff)
Added by Dominik Hlavac Duran almost 2 years ago

Fixes #16548 - Changing user own passwd require current passwd

History

#1 Updated by Dominik Hlavac Duran almost 2 years ago

Bugzilla link set to 1264137

#2 Updated by The Foreman Bot almost 2 years ago

Status changed from New to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/3921 added

#3 Updated by Marek Hulán almost 2 years ago

Related to Bug #16850: Password change activity does not show in Audit log added

#4 Updated by Dominik Hlavac Duran almost 2 years ago

% Done changed from 0 to 100
Status changed from Ready For Testing to Closed

Applied in changeset 8aeebc296d6c3318b9af8d6959969040765d75c2.

#5 Updated by Marek Hulán almost 2 years ago

Target version changed from 115 to 1.4.2

#6 Updated by Dominic Cleal almost 2 years ago

Legacy Backlogs Release (now unused) set to 189

Also available in: Atom PDF

Project

General

Profile

Issues

Custom queries