  1. Apache Fineract
  2. FINERACT-1697

Prompt user to confirm Password before changing password

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 1.7.0
    • 1.9.0
    • Security
    • None
    • Important

    Description

      Upon updating the password inside the user profile, a user needs to be prompted for his/her current password.

      Let's take a scenario of a user who finishes work in the evening and forgets to log out of the system. The current session is 5 minutes, whereby if someone gets onto the user's computer while it is logged in, he/she can change the password, since the system allows changing a password without the need to confirm the old password.

      This is a big security issue since the user's changed credentials can be used even off the current PC to maliciously cause harm. 

      edcable aleks, francisguchie rrpawar & eroemma what is your opinion on this and can it receive attention please?
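
The control requested above, as an added example that is not part of the original issue and is not Apache Fineract code: a password change that re-verifies the current password, so an unattended logged-in session alone is not enough to take over the account. The class, method and user names, the sample passwords and the PBKDF2 parameters are assumptions chosen for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch (Java 16+): all names here are assumptions, not Fineract's API.
public class PasswordChangeExample {
    record Credential(byte[] salt, byte[] hash) {}

    private final Map<String, Credential> users = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Salted PBKDF2-HMAC-SHA256; the iteration count is an assumed work factor.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    void setPassword(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        users.put(user, new Credential(salt, derive(password, salt)));
    }

    // The session only says which account is logged in. The current password
    // proves that the person at the keyboard is the account owner.
    boolean changePassword(String sessionUser, char[] current, char[] replacement)
            throws Exception {
        Credential stored = users.get(sessionUser);
        if (stored == null) {
            return false;
        }
        byte[] candidate = derive(current, stored.salt());
        // Constant-time comparison of the derived hashes.
        if (!MessageDigest.isEqual(candidate, stored.hash())) {
            return false; // wrong current password: stored credential is untouched
        }
        setPassword(sessionUser, replacement);
        return true;
    }

    public static void main(String[] args) throws Exception {
        PasswordChangeExample svc = new PasswordChangeExample();
        svc.setPassword("teller1", "Evening#Shift1".toCharArray()); // constructed sample data
        // Someone at the unattended PC who does not know the current password.
        System.out.println(svc.changePassword("teller1", "guess".toCharArray(), "Other#1".toCharArray()));
        // The account owner, who does know it.
        System.out.println(svc.changePassword("teller1", "Evening#Shift1".toCharArray(), "Morning#Shift2".toCharArray()));
    }
}
```

A production version would also rate-limit failed attempts and end the account's other sessions after a successful change.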

      Attachments

        1. image-2022-08-21-12-42-00-827.png
          50 kB
          ibrahim kimbugwe

            People

              rrpawar Rahul Pawar
              ikimbrah ibrahim kimbugwe
              Votes: 0
              Watchers: 2