[openstreetmap/openstreetmap-website] Require current password before accepting a new password (#2144)
notifications at github.com
Thu Feb 14 21:48:52 UTC 2019
If I find a computer in a lab with a browser that is logged into osm.org, I can change the password without knowing the current password and take over the person's account. Most other password reset flows will require knowing the current password before changing to a new password.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rails-dev