Bug #16548

Password enforcement should require providing the current password when changing password

Added by Dominik Hlavac Duran almost 2 years ago. Updated 9 days ago.

Status: Closed
Priority: Normal
Assignee: Dominik Hlavac Duran
Category: Authentication
Target version: 1.14.0
Difficulty:
Team Backlog:
Triaged:
Fixed in Releases:
Bugzilla link: 1264137
Found in Releases:
Pull request: https://github.com/theforeman/foreman/pull/3921

Description

In Satellite, a password can be changed without providing the previous one. This means one can change the password of other users in the same group.

We need to mandate that the current password be used when attempting to change to a new password.

We need to ensure that the password change activity is logged (password obscured).
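
The two requirements above (verify the current password before accepting a new one, and audit the change with the password obscured) can be sketched as follows. This is an added example, not Foreman's code or the patch from the pull request; `DemoUser`, its method names, the PBKDF2 parameters and the audit record layout are all hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a user record; not Foreman's User model.
class DemoUser
  ITERATIONS = 100_000 # constructed PBKDF2 work factor for the demo
  attr_reader :login, :audit_log
  def initialize(login, password)
    @login = login
    @audit_log = []
    store(password)
  end

  def authenticate?(candidate)
    return false if candidate.nil? || candidate.empty?
    secure_equal?(digest(candidate, @salt), @hash)
  end

  # Self-service change: refused unless the current password verifies.
  # Both outcomes are audited; the password value itself is never recorded.
  def change_own_password(current_password, new_password)
    unless authenticate?(current_password)
      audit('password_change_denied')
      return false
    end
    store(new_password)
    audit('password_changed')
    true
  end

  private
  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @hash = digest(password, @salt)
  end

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time comparison of two equal-length digests.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def audit(action)
    @audit_log << { user: login, action: action, changes: { password: '[redacted]' } }
  end
end
```

Denied attempts are audited as well, so repeated failures against one account are visible in the same log as successful changes.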


Related issues

Related to Foreman - Bug #16850: Password change activity does not show in Audit log Closed 10/10/2016

Associated revisions

Revision 8aeebc29
Added by Dominik Hlavac Duran over 1 year ago

Fixes #16548 - Changing user own passwd require current passwd

History

#1 Updated by Dominik Hlavac Duran almost 2 years ago

  • Bugzilla link set to 1264137

#2 Updated by The Foreman Bot almost 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3921 added

#3 Updated by Marek Hulán almost 2 years ago

  • Related to Bug #16850: Password change activity does not show in Audit log added

#4 Updated by Dominik Hlavac Duran over 1 year ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#5 Updated by Marek Hulán over 1 year ago

  • Target version changed from 115 to 1.4.2

#6 Updated by Dominic Cleal over 1 year ago

  • Legacy Backlogs Release (now unused) set to 189
