[openstreetmap/openstreetmap-website] Require current password before accepting a new password (#2144)
b-jazz
notifications at github.com
Thu Feb 14 21:48:52 UTC 2019
If I find a computer in a lab with a browser that is logged into osm.org, I can change the password without knowing the current password and take over the person's account. Most other password reset flows will require knowing the current password before changing to a new password.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2144
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190214/b1fe2a15/attachment.html>
More information about the rails-dev
mailing list