Canonical SSO provider

Password change procedure does not ask for old password

Bug #805499 reported by Jonathan Davies on 2011-07-04

This bug report is a duplicate of: Bug #829836: Password can be changed with only cookie authentication. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical SSO provider	Confirmed	Undecided	Unassigned

Bug Description

This came in via the SSO support form:

"The procedure to change the password does not ask for the old password. I think for increased security, the old password is needed to choose a new one."

Revision history for this message

Leo Arias (elopio) wrote on 2011-08-25:

I agree, the old password should be required.

Changed in canonical-identity-provider:
status:	New → Confirmed

Revision history for this message

Leo Arias (elopio) wrote on 2011-11-23:

Can you please make public the bug this is a duplicate of?
So we can follow up its status.

thanks.

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2011-11-23:

Done

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #829836 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.