yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1237989] Re: user can update his password without knowing the old password

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1237989@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Oct 2013 21:32:37 -0000
Reply-to: Bug 1237989 <1237989@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/51667
Committed: http://github.com/openstack/horizon/commit/d716bfcdbfe6d4c22df9e1ae5fdb7a54d5150f28
Submitter: Jenkins
Branch:    milestone-proposed

commit d716bfcdbfe6d4c22df9e1ae5fdb7a54d5150f28
Author: Matthias Runge <mrunge@xxxxxxxxxx>
Date:   Fri Oct 11 11:17:59 2013 +0200

    Hide settings/change password on keystone v3
    
    When using keystone v3, it was possible to change the user
    password without knowing the old password.
    
    Change-Id: I2e3721f9c8a1de4b9a5f85b230432844d2c83507
    Closes-Bug: 1237989


** Changed in: horizon
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1237989

Title:
  user can update his password without knowing the old password

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Identity (Keystone):
  Fix Committed
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  a user logged into horizon can change his password without needing to
  type in the correct old password. It's just required to type in
  anything as the old password.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1237989/+subscriptions