Bug #16548
Password enforcement should require providing the current password when changing password
Status: Closed
Priority: Normal
Assignee:
Category: Authentication
Target version:
Description
In Satellite, password can be changed without providing the previous one. This means one can change the password of other users in the same group.
We need to mandate that the current password be used when attempting to change to a new password.
We need to ensure that the password change activity is logged (password obscured).
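The two requirements above, sketched as an added example that is not Foreman's or Satellite's code: a self-service change that verifies the current password first, next to the unchecked form the report describes, with an audit entry that carries no password material. The `User` struct, `AUDIT_LOG`, the function names and the PBKDF2 parameters are all assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed model for illustration; names and fields are assumptions, not Foreman's schema.
User = Struct.new(:login, :salt, :password_hash)
AUDIT_LOG = [] # stands in for the audit trail

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
end

def new_user(login, password)
  salt = SecureRandom.hex(16)
  User.new(login, salt, hash_password(password, salt))
end

# Compare digests without returning early at the first differing byte.
def password_matches?(user, candidate)
  expected = user.password_hash
  actual = hash_password(candidate.to_s, user.salt)
  expected.bytesize == actual.bytesize &&
    expected.bytes.zip(actual.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Record who attempted what and the outcome; no password material is stored.
def audit(actor, target, outcome)
  AUDIT_LOG << { actor: actor.login, target: target.login,
                 action: "password_change", outcome: outcome }
  outcome == :changed
end

# The reported behaviour: the new password is accepted with no proof of the old one.
def change_password_unchecked(target, new_password)
  target.password_hash = hash_password(new_password, target.salt)
  true
end

# Self-service change: the actor must be the account owner and must supply the
# current password. Administrative resets are a separate flow, out of scope here.
def change_password(actor, target, current_password, new_password)
  return audit(actor, target, :denied_not_owner) unless actor.login == target.login
  return audit(actor, target, :denied_wrong_current) unless password_matches?(target, current_password)

  target.salt = SecureRandom.hex(16)
  target.password_hash = hash_password(new_password, target.salt)
  audit(actor, target, :changed)
end
```

Failed attempts are audited as well as successful ones, so repeated wrong-password attempts against one account show up in the same trail.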
Related issues
Associated revisions
History
#1
Updated by Dominik Hlavac Duran over 5 years ago
- Bugzilla link set to 1264137
#2
Updated by The Foreman Bot over 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3921 added
#3
Updated by Marek Hulán over 5 years ago
- Related to Bug #16850: Password change activity does not show in Audit log added
#4
Updated by Dominik Hlavac Duran over 5 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 8aeebc296d6c3318b9af8d6959969040765d75c2.
#5
Updated by Marek Hulán over 5 years ago
- Target version changed from 115 to 1.4.2
#6
Updated by Dominic Cleal over 5 years ago
- Legacy Backlogs Release (now unused) set to 189
Fixes #16548 - Changing user own passwd require current passwd