#4444 closed enhancement (invalid)
Ask for current password when changing password
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | low |
| Severity: | minor | Version: | 2.3 |
| Component: | Administration | Keywords: | |
| Focuses: | | Cc: | |
Description
Any thoughts on the idea of forcing users to enter their current password before being able to change their account's password? This would add a little security on the off-chance that someone gained access to a user's admin area (say if they stupidly ticked "remember me" on a public PC or something).
Change History (3)
I don't think this buys us any additional security. Someone with such access could install a backdoor, create a new user, or do any number of other things to engineer future access.