[openstreetmap/openstreetmap-website] Require current password before accepting a new password (#2144)

b-jazz notifications at github.com
Thu Feb 14 21:48:52 UTC 2019


If I find a computer in a lab with a browser that is logged into osm.org, I can change the password without knowing the current password and take over the person's account. Most other password reset flows will require knowing the current password before changing to a new password.

https://github.com/openstreetmap/openstreetmap-website/issues/2144
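
The check requested in this issue, as an added example that is not code from openstreetmap-website: a password change is accepted only when the caller supplies the current password, so a logged-in session alone is not enough. The `Account` class, its method names, the returned symbols and the PBKDF2 parameters are hypothetical and chosen for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory account model (not the project's User class).
class Account
  ITERATIONS = 100_000 # assumed PBKDF2-HMAC-SHA256 work factor
  KEY_LEN = 32

  def initialize(password)
    store(password)
  end

  # True when the candidate matches the stored hash (constant-time compare).
  def password?(candidate)
    OpenSSL.secure_compare(@digest, derive(candidate.to_s, @salt))
  end

  # Changes the password only when the caller proves knowledge of the
  # current one. Returns :ok or a symbol naming the reason for refusal.
  def change_password(current:, new_password:, confirmation:)
    return :wrong_current_password unless password?(current)
    return :confirmation_mismatch unless new_password == confirmation

    store(new_password)
    :ok
  end

  private

  # Stores a fresh random salt and the derived hash, never the password.
  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password, @salt)
  end

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                               OpenSSL::Digest.new("SHA256"))
  end
end

if __FILE__ == $PROGRAM_NAME
  acct = Account.new("old-secret-1") # constructed sample credentials
  # Someone at an unattended, logged-in browser does not know the old password.
  p acct.change_password(current: "", new_password: "x", confirmation: "x")
  p acct.change_password(current: "old-secret-1", new_password: "new-secret-2",
                         confirmation: "new-secret-2")
end
```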