Project

General

Profile

Actions

Bug #16548

closed

Password enforcement should require provide current current password when changing password

Added by Dominik Hlavac Duran over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

In Satellite, password can be changed without providing the previous one. This means one can change the password of other users in the same group.

We need to mandate that the current password be used when attempting to change to a new password.

We need to ensure that the password change activity is logged (password obscured)


Related issues 1 (0 open1 closed)

Related to Foreman - Bug #16850: Password change activity does not show in Audit logClosedDominik Hlavac Duran10/10/2016Actions
Actions

Also available in: Atom PDF