[
http://mifosforge.jira.com/browse/MIFOS-266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Chudy reassigned MIFOS-266:
----------------------------------
Assignee: Kay Chau (was: aditi_sandeep)
> SECURITY: Change password does not force new password
> -----------------------------------------------------
>
> Key: MIFOS-266
> URL: http://mifosforge.jira.com/browse/MIFOS-266
> Project: mifos
> Issue Type: Improvement
> Components: Misc
> Affects Versions: Release 0.1
> Environment: Platform: PC, OS: Windows XP
> Reporter: gconard
> Assignee: Kay Chau
> Priority: Critical
> Fix For: Unscheduled
>
>
> user action:
> - after creating new user, logged in as new user
> - asked to change password
> - entered same password for old and new
> actual:
> - old password accepted as new
> expected:
> - don't accept old password as new
> - user should either a) be forced to change pw or b) be allowed to navigate
> away
> from change password, but good security practice does not allow user to
> "fake" a
> password change but keep the PW the same
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
