mahara-contributors team mailing list archive

[Bug 1471103] [NEW] Make the password reset CLI script log out the user

 

*** This bug is a security vulnerability ***

Public security bug reported:

In Bug 1396564 we added a command-line script for resetting Mahara
passwords.

Robert pointed out that this script should end any current sessions for
the user. The idea is that, if their password needs to be reset because
their account has been hacked, then we should kick out any remaining
sessions that are logged-in, because the attacker could use those to
re-reset their password.

** Affects: mahara
     Importance: Low
         Status: In Progress

-- 
https://bugs.launchpad.net/bugs/1471103

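An added illustration of the behaviour this bug asks for, not Mahara's code or the eventual fix: a reset that changes the password hash and deletes the user's sessions in one transaction. The `account`/`session` schema and all function names are hypothetical, and `end_sessions=False` reproduces the gap the report describes.

```python
import hashlib
import os
import secrets
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")  # hypothetical schema, constructed for this example
    db.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt BLOB, pwhash BLOB);
        CREATE TABLE session (token TEXT PRIMARY KEY, account_id INTEGER);
    """)
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_account(db, username, password):
    salt = os.urandom(16)
    with db:
        db.execute("INSERT INTO account (username, salt, pwhash) VALUES (?, ?, ?)",
                   (username, salt, _hash(password, salt)))

def login(db, username, password):
    """Return a new session token, or None if the credentials are wrong."""
    row = db.execute("SELECT id, salt, pwhash FROM account WHERE username = ?", (username,)).fetchone()
    if row is None or not secrets.compare_digest(_hash(password, row[1]), row[2]):
        return None
    token = secrets.token_urlsafe(32)
    with db:
        db.execute("INSERT INTO session VALUES (?, ?)", (token, row[0]))
    return token

def session_account(db, token):
    """Return the account id a token is logged in as, or None."""
    row = db.execute("SELECT account_id FROM session WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def reset_password(db, username, new_password, end_sessions=True):
    """Set a new password; return how many sessions were ended."""
    salt = os.urandom(16)
    with db:  # one transaction: the new hash and the session purge commit together
        cur = db.execute("UPDATE account SET salt = ?, pwhash = ? WHERE username = ?",
                         (salt, _hash(new_password, salt), username))
        if cur.rowcount != 1:
            raise LookupError(f"no such account: {username}")
        if not end_sessions:
            return 0  # the gap in the report: sessions opened before the reset stay valid
        return db.execute("DELETE FROM session WHERE account_id = "
                          "(SELECT id FROM account WHERE username = ?)", (username,)).rowcount
```

Running the purge inside the same transaction as the hash update means there is no window in which the new password is live while an older session is still accepted.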

