Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 14 months ago

#4444 closed enhancement (invalid)

Ask for current password when changing password

Reported by: viper007bond's profile Viper007Bond Owned by:
Milestone: Priority: low
Severity: minor Version: 2.3
Component: Administration Keywords:
Focuses: Cc:

Description

Any thoughts on the idea of forcing users to enter their current password before being able to change their account's password? This would add a little security on the off-chance that someone gained access to a user's admin area (say if they stupidly ticked "remember me" on a public PC or something).

Change History (3)

#1 @markjaquith
18 years ago

I don't think this buys us any additional security. Someone with such access could install a backdoor, create a new user, or do any number of other things to engineer future access.

#2 @Viper007Bond
18 years ago

  • Resolution set to invalid
  • Status changed from new to closed
Someone with such access could install a backdoor

Only if the user has their theme files writable.

create a new user

Oh, good point. Nevermind then.

#3 @rob1n
18 years ago

  • Milestone 2.3 (trunk) deleted
Note: See TracTickets for help on using tickets.