This was assigned CVE-2013-4471 ** Tags added: security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-4471 -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1237989 Title: user can update his password without knowing the old password Status in OpenStack Dashboard (Horizon): Fix Released Status in OpenStack Identity (Keystone): Fix Released Status in OpenStack Security Notes: New Bug description: a user logged into horizon can change his password without needing to type in the correct old password. It's just required to type in anything as the old password. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1237989/+subscriptions