Password change process should require old password
---------------------------------------------------
Key: JSPWIKI-45
URL: https://issues.apache.org/jira/browse/JSPWIKI-45
Project: JSPWiki
Issue Type: Improvement
Components: Security
Affects Versions: 2.5.139-beta, 2.4.104, 2.6.0
Reporter: Janne Jalkanen
UserProfile.jsp does not require you to type in your old password to change the
new password. This can be a problem if you inadvertently leave your computer
open and someone gains access to it.
I think the old password should probably be required to change the email
address as well, or else it could be used to restore the backend.
(From Ounce)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
