Mahara

The reset password link should expire

Bug #1296472 reported by Son Nguyen on 2014-03-24

256

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Robert Lyon	Mahara 1.10.0
1.7	Fix Released	High	Robert Lyon	Mahara 1.7.7
1.8	Fix Released	High	Robert Lyon	Mahara 1.8.4
1.9	Fix Released	High	Robert Lyon	Mahara 1.9.2

Bug Description

Version: all
Platform: all

If the reset password link can expire, it would be more secure.

Tags:

Son Nguyen (ngson2000) on 2014-03-24

information type:

Public → Public Security

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-04-23: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/3279

Son Nguyen (ngson2000) on 2014-06-10

Changed in mahara:
status:	Confirmed → In Progress
assignee:	nobody → Robert Lyon (robertl-9)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-06-19: A change has been merged

Reviewed: https://reviews.mahara.org/3279
Committed: http://gitorious.org/mahara/mahara/commit/fc9ee33299c51e8a13243c4826bf7515065592d6
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit fc9ee33299c51e8a13243c4826bf7515065592d6
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-06-19

Changed in mahara:
status:	In Progress → Fix Committed
milestone:	none → 1.10.0

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2014-06-19:

Since this is a security bug, we should backport it to the other stable releases.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30: A patch has been submitted for review

Patch for "1.9_STABLE" branch: https://reviews.mahara.org/3531

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30:

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/3532

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30:

Patch for "1.7_STABLE" branch: https://reviews.mahara.org/3533

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30: A change has been merged

Reviewed: https://reviews.mahara.org/3533
Committed: http://gitorious.org/mahara/mahara/commit/6256bcb3814f732ee8e0e5fdef76b56d7b68b4e3
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.7_STABLE

commit 6256bcb3814f732ee8e0e5fdef76b56d7b68b4e3
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30:

Reviewed: https://reviews.mahara.org/3532
Committed: http://gitorious.org/mahara/mahara/commit/6477995ed592cf05d8c48d5b8756f1296e7559b8
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.8_STABLE

commit 6477995ed592cf05d8c48d5b8756f1296e7559b8
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-07-30:

Reviewed: https://reviews.mahara.org/3531
Committed: http://gitorious.org/mahara/mahara/commit/ac17b3d06a74e126ac233f01065a79d9dc9cefa0
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit ac17b3d06a74e126ac233f01065a79d9dc9cefa0
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-10-21

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.