[Openstack-security] [Bug 1237989] Re: user can update his password without knowing the old password

Robert Clark 1237989 at bugs.launchpad.net
Wed Nov 20 07:35:46 UTC 2013


Great OSSN, I'd say it'd ready to publish pretty much.

In the third sentence of the discussion "a users" needs to read "a
user's"

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1237989

Title:
  user can update his password without knowing the old password

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Identity (Keystone):
  Fix Released
Status in OpenStack Security Notes:
  In Progress

Bug description:
  a user logged into horizon can change his password without needing to
  type in the correct old password. It's just required to type in
  anything as the old password.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1237989/+subscriptions




More information about the Openstack-security mailing list