Activity log for bug #1328705
Date | Who | What changed | Old value | New value | Message |
---|---|---|---|---|---|
2014-06-10 22:14:13 | Son Nguyen | bug | added bug | ||
2014-06-10 22:15:19 | Son Nguyen | information type | Public | Public Security | |
2014-06-10 22:15:30 | Son Nguyen | information type | Public Security | Private Security | |
2014-06-10 22:18:38 | Son Nguyen | tags | session | security | |
2014-06-10 22:20:40 | Son Nguyen | description | Reported by Turzo Ahmed <ondhokarer_rajputra@yahoo.co.uk> In Mahara, changing the password doesn't destroys the other sessions which are logged in with old passwords. As other sessions is not destroyed, attacker may be still logged in your account even after changing password, as his session is still active.. he'll have complete access on your account till that session expires! So, your account remains insecure even after the changing of password. We have 2 options to solve 1. Delete all active sessions right after an user changes his/her password 2. Facebook solved this issue by adding a process that asks users whether user want to close all open sessions or not right after changing password. | Reported by FaisaL Ahmed, http://www.faisalahmed.me/ In Mahara, changing the password doesn't destroys the other sessions which are logged in with old passwords. As other sessions is not destroyed, attacker may be still logged in your account even after changing password, as his session is still active.. he'll have complete access on your account till that session expires! So, your account remains insecure even after the changing of password. We have 2 options to solve 1. Delete all active sessions right after an user changes his/her password 2. Facebook solved this issue by adding a process that asks users whether user want to close all open sessions or not right after changing password. | |
2014-06-11 02:44:53 | Aaron Wells | mahara: importance | High | Medium | |
2014-06-11 02:46:07 | Aaron Wells | mahara: milestone | 1.10.0 | ||
2014-06-11 02:46:18 | Aaron Wells | nominated for series | mahara/1.10 | ||
2014-06-11 02:46:18 | Aaron Wells | bug task added | mahara/1.10 | ||
2014-06-11 02:46:18 | Aaron Wells | nominated for series | mahara/1.8 | ||
2014-06-11 02:46:18 | Aaron Wells | bug task added | mahara/1.8 | ||
2014-06-11 02:46:18 | Aaron Wells | nominated for series | mahara/1.9 | ||
2014-06-11 02:46:18 | Aaron Wells | bug task added | mahara/1.9 | ||
2014-06-11 02:46:18 | Aaron Wells | nominated for series | mahara/1.7 | ||
2014-06-11 02:46:18 | Aaron Wells | bug task added | mahara/1.7 | ||
2014-06-11 02:46:28 | Aaron Wells | mahara/1.7: milestone | 1.7.7 | ||
2014-06-11 02:46:31 | Aaron Wells | mahara/1.8: milestone | 1.8.4 | ||
2014-06-11 02:46:34 | Aaron Wells | mahara/1.9: milestone | 1.9.2 | ||
2014-06-11 02:46:35 | Aaron Wells | mahara/1.7: importance | Undecided | Medium | |
2014-06-11 02:46:37 | Aaron Wells | mahara/1.8: importance | Undecided | Medium | |
2014-06-11 02:46:39 | Aaron Wells | mahara/1.9: importance | Undecided | Medium | |
2014-06-11 02:46:41 | Aaron Wells | mahara/1.7: status | New | Confirmed | |
2014-06-11 02:46:43 | Aaron Wells | mahara/1.8: status | New | Confirmed | |
2014-06-11 02:46:46 | Aaron Wells | mahara/1.9: status | New | Confirmed | |
2014-07-30 09:10:07 | Robert Lyon | mahara/1.10: status | Confirmed | Fix Committed | |
2014-07-30 09:10:09 | Robert Lyon | mahara/1.7: status | Confirmed | Fix Committed | |
2014-07-30 09:10:11 | Robert Lyon | mahara/1.8: status | Confirmed | Fix Committed | |
2014-07-30 09:10:13 | Robert Lyon | mahara/1.9: status | Confirmed | Fix Committed | |
2014-07-31 21:34:53 | Robert Lyon | mahara/1.8: status | Fix Committed | Fix Released | |
2014-07-31 21:34:56 | Robert Lyon | mahara/1.9: status | Fix Committed | Fix Released | |
2014-07-31 23:09:37 | Son Nguyen | mahara/1.7: status | Fix Committed | Fix Released | |
2014-07-31 23:10:29 | Son Nguyen | mahara/1.10: assignee | Son Nguyen (ngson2000) | ||
2014-08-01 00:15:26 | Robert Lyon | information type | Private Security | Public Security | |
2014-10-21 00:33:03 | Aaron Wells | mahara: milestone | 1.10.0 | ||
2014-10-21 00:33:05 | Aaron Wells | mahara: status | Fix Committed | Fix Released | |
2014-10-21 03:44:07 | Aaron Wells | mahara/1.10: status | Fix Committed | Fix Released |