[openstreetmap/openstreetmap-website] Require current password before accepting a new password (#2144)

b-jazz notifications at github.com
Thu Feb 14 21:48:52 UTC 2019

If I find a computer in a lab with a browser that is logged into osm.org, I can change the password without knowing the current password and take over the person's account. Most other password reset flows will require knowing the current password before changing to a new password.

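A minimal sketch of the check requested in the report above, as an added example (not code from the openstreetmap-website project): a password change that re-verifies the current password instead of trusting the logged-in session alone. The `Account` struct, function names, return symbols, PBKDF2 parameters and the 8-character minimum are assumptions for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory account record; not the project's User model.
Account = Struct.new(:salt, :digest)
ITERATIONS = 100_000 # constructed work factor for the example

def derive(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

def store_password(account, password)
  account.salt = SecureRandom.random_bytes(16)
  account.digest = derive(password, account.salt)
end

def new_account(password)
  Account.new.tap { |a| store_password(a, password) }
end

# Constant-time comparison of the stored and candidate digests (both 32 bytes).
def password_matches?(account, candidate)
  OpenSSL.fixed_length_secure_compare(account.digest, derive(candidate, account.salt))
end

# Behaviour described in the report: a live session is the only requirement,
# so anyone at an unattended, logged-in browser can set a new password.
def change_password_session_only(account, session_authenticated, new_password)
  return :not_logged_in unless session_authenticated
  store_password(account, new_password)
  :changed
end

# Hardened flow: the session only identifies the account; the current
# password proves that the account owner is the one making the request.
def change_password_with_reauth(account, session_authenticated, current_password, new_password)
  return :not_logged_in unless session_authenticated
  return :current_password_required if current_password.nil? || current_password.empty?
  return :current_password_wrong unless password_matches?(account, current_password)
  return :new_password_rejected if new_password.to_s.length < 8 # assumed policy
  store_password(account, new_password)
  :changed
end
```
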