[Openstack-security] [Bug 1237989] Re: user can update his password without knowing the old password
Nathan Kinder
nkinder at redhat.com
Fri Nov 22 22:12:16 UTC 2013
Published on OpenStack and OpenStack-Dev mailing lists on 22 Nov 2013.
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1237989
Title:
user can update his password without knowing the old password
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Identity (Keystone):
Fix Released
Status in OpenStack Security Notes:
Fix Released
Bug description:
a user logged into horizon can change his password without needing to
type in the correct old password. It's just required to type in
anything as the old password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1237989/+subscriptions
More information about the Openstack-security
mailing list