Password change procedure does not ask for old password
Bug #805499 reported by
Jonathan Davies
This bug report is a duplicate of:
Bug #829836: Password can be changed with only cookie authentication.
Edit
Remove
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical SSO provider |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
This came in via the SSO support form:
"The procedure to change the password does not ask for the old password. I think for increased security, the old password is needed to choose a new one."
To post a comment you must log in.
I agree, the old password should be required.