Changing password does not work for newly registered users with generated passwords
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| mediawiki (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Version 1.19.14 of mediawiki package in 14.04 has bug, which prevents Change password form from working correctly (session token related).
Newly created users with generated passwords are forced to change password after login. After submitting new password they get the error "There seems to be a problem with your login session; this action has been cancelled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."
Changing password for existing users works properly.
To reproduce:
1. Create user account with random password sent to email
2. Login with that username
3. Try to change generated password
This was (probably) fixed in 1.19.15:
http://
Changes since 1.19.14
Fixed resetting passwords.
Version 1.19.17 works properly in all cases.
| Lewis Cawte (lewiscawte) wrote | #1 |
| node13h (sergej-alikov) wrote | #2 |
| Changed in mediawiki (Ubuntu): | |
| status: | New → Fix Released |
| Yongmin Hong (revi) wrote | #3 |
Someone probably wants to build a new package for MediaWiki... at least stay up with the 1.19 LTS branch (currently 1.19.8), if not up to date with the current stable 1.23 branch.
Currently there are four security fixes not in the package that have been released for 1.19...