Project

General

Profile

Actions
Copy link

Bug #16548

closed

Password enforcement should require provide current current password when changing password

Added by Dominik Hlavac Duran over 7 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dominik Hlavac Duran
Category:
Authentication
Target version:
1.14.0
Difficulty:
Triaged:
Bugzilla link:
1264137
Pull request:
https://github.com/theforeman/foreman/pull/3921
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

In Satellite, password can be changed without providing the previous one. This means one can change the password of other users in the same group.

We need to mandate that the current password be used when attempting to change to a new password.

We need to ensure that the password change activity is logged (password obscured)

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #16850: Password change activity does not show in Audit logClosedDominik Hlavac Duran10/10/2016Actions
Actions
Copy link
 #1

Updated by Dominik Hlavac Duran over 7 years ago

  • Bugzilla link set to 1264137
Actions
Copy link
 #2

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3921 added
Actions
Copy link
 #3

Updated by Marek Hulán over 7 years ago

  • Related to Bug #16850: Password change activity does not show in Audit log added
Actions
Copy link
 #4

Updated by Dominik Hlavac Duran over 7 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #5

Updated by Marek Hulán over 7 years ago

  • Target version changed from 115 to 1.4.2
Actions
Copy link
 #6

Updated by Dominic Cleal over 7 years ago

  • translation missing: en.field_release set to 189
Actions
Copy link

Also available in: Atom PDF