View Issue Details

ID: 0020816
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2016-06-12 00:42
Reporter: cproensa
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.3.0-rc.1
Target Version: 1.3.0-rc.2
Fixed in Version: 1.3.0-rc.2
Summary: 0020816: user verification / password reset allows setting of empty password
Description

On account verification, or password reset, when the user is prompted for a new password, a blank password is allowed to be entered.

This may happen in two situations:

  • Administrator resets a user password
    The user password is set to a random one, and the email notification is sent.
    If user fails to update his password, he can't log in again, because the random password has been kept.
  • User uses "forgotten password functionality".
    The notification allows the user to go to account update page, if not filled in, the old password is still active (which the user forgot, so probably can't log in again).

This situation is aggravated if the activation link was expired of first use

Tags: No tags attached.

Relationships

related to 0006009 closed cproensa Cannot change password in second enter to verification page

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master 01affc80

2016-04-17 12:48:51

cproensa


Committer: dregad
Do not allow blank password on account verification

Fixes 0020816
mod - account_update.php
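
An added example, not MantisBT's code and not the content of the changeset above, of the check the description calls for: a blank password means "no change" on a regular profile edit but is rejected when the form is reached through a verification or reset link. The function name, the form field names (including the confirmation field) and the return shape are assumptions made for illustration.

```php
<?php
// Added illustration; function and field names are hypothetical, not MantisBT's.

/**
 * Decide what to do with the password fields of an account-update form.
 *
 * @param array $form            Submitted fields: 'password', 'password_confirm'.
 * @param bool  $isVerification  True when the page was reached through an
 *                               activation or password-reset link.
 * @return array ['action' => 'keep'|'set'|'reject', 'reason' => string]
 */
function decide_password_update(array $form, bool $isVerification): array
{
    $password = (string)($form['password'] ?? '');
    $confirm  = (string)($form['password_confirm'] ?? '');

    if ($password !== $confirm) {
        return ['action' => 'reject', 'reason' => 'passwords do not match'];
    }

    if ($password === '') {
        // Regular profile edit: blank means "leave my password alone".
        // Verification flow: the stored password is the random or forgotten
        // one, so keeping it would lock the user out. Refuse instead.
        return $isVerification
            ? ['action' => 'reject', 'reason' => 'a new password is required']
            : ['action' => 'keep', 'reason' => 'password unchanged'];
    }

    return ['action' => 'set', 'reason' => 'password updated'];
}

// Constructed sample submissions.
$cases = [
    'profile edit, blank'     => [['password' => '', 'password_confirm' => ''], false],
    'verification, blank'     => [['password' => '', 'password_confirm' => ''], true],
    'verification, new value' => [['password' => 'N3w-pass', 'password_confirm' => 'N3w-pass'], true],
    'verification, mismatch'  => [['password' => 'a', 'password_confirm' => 'b'], true],
];

foreach ($cases as $label => [$form, $isVerification]) {
    $result = decide_password_update($form, $isVerification);
    printf("%-24s -> %-6s (%s)\n", $label, $result['action'], $result['reason']);
}
```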

Issue History

Date Modified Username Field Change
2016-04-17 12:16 cproensa New Issue
2016-04-17 12:16 cproensa Product Version => 1.3.0-rc.1
2016-04-17 12:16 cproensa Relationship added related to 0006009
2016-04-17 12:58 cproensa Description Updated
2016-04-17 13:13 cproensa Assigned To => cproensa
2016-04-17 13:13 cproensa Status new => assigned
2016-05-14 12:30 dregad Changeset attached => MantisBT master 01affc80
2016-05-14 12:30 dregad Assigned To cproensa => dregad
2016-05-14 12:30 dregad Status assigned => resolved
2016-05-14 12:30 dregad Resolution open => fixed
2016-05-14 12:30 dregad Fixed in Version => 1.3.0-rc.2
2016-05-14 15:25 atrol Target Version => 1.3.0-rc.2
2016-06-12 00:42 vboctor Status resolved => closed