View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000189||Main CAcert Website||account administration||public||2006-04-02 00:07||2013-01-14 03:04|
|Fixed in Version||2006|
|Summary||0000189: Can login with Certificate but can't change Password|
|Description||If you log in via Certificate (I have mine on an eToken) you can do everything but change your normal password if you have forgotten your old password. (I did :().|
For security reasons this makes no sense, since I can look up the 5 questions and my date of birth and change the password via "Forgot your password".
|Tags||No tags attached.|
So what would be a solution for that?
a) Allow password changes for cert-logins without asking for the old password?
b) Ask for password before allowing to read or change the lost password questions?
c) Don't print the answers to the lost password questions in the user menu at all?
I got your point but don't think that the current situation needs to be changed.
Me too, I got your point but don't think that the current situation needs to be changed.
The user will need to change his password one way or another!
Question: is there any warning sent to the user when changing the password?
BUT the hacker could change all the email addresses so the real user could not be warned on the password change.
Well, we could notify the user if the default email is changed, and then notify on password changes...
You can now change the password without the old password if you log in with a certificate.
|2006-04-02 00:07||plaisthos||New Issue|
||Note Added: 0000200|
||Relationship added||related to 0000171|
|2006-04-25 04:38||homer||Note Added: 0000203|
|2006-04-25 04:39||homer||Note Edited: 0000203|
|2006-08-14 14:42||duane||Note Added: 0000450|
|2006-08-14 16:00||duane||Status||new => needs work|
|2006-08-14 16:00||duane||Assigned To||=> bluec|
|2006-08-14 16:01||duane||Status||needs work => solved?|
|2006-08-14 16:01||duane||Fixed in Version||=> production|
|2006-08-14 16:01||duane||Resolution||open => fixed|
|2006-08-14 16:01||duane||Note Added: 0000452|
|2007-10-24 06:18||evaldo||Assigned To||bluec =>|
|2007-10-24 06:18||evaldo||Status||solved? => closed|
|2013-01-14 03:04||Werner Dworak||Fixed in Version||=> 2006|