[CORE-300] Do not allow current password to be used as new password - i2b2 JIRA

Details

Type: Sub-Task
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 1.7.10
Component/s: None
Labels:
- wikirelease

Description

Currently when a user changes their password they can enter the same password. In other words if their current password is demo, then they can enter demo as their "new" password. In 1.7.10 we introduce a new feature where administrators can enforce mandatory password changes. This bug creates a loophole around the requirement if users are able to reset their password to the same password.

This check will only be relevant to the current password and the new password that they are entering.

Attachments

Activity

Janice Donahoe added a comment - 12/Apr/18 8:05 PM

Tested and is working correctly. When a user is changing their password, the system will verify the new password they are entering is not the same as their current password.

Janice Donahoe added a comment - 12/Apr/18 8:05 PM Tested and is working correctly. When a user is changing their password, the system will verify the new password they are entering is not the same as their current password.

People

Assignee:: Janice Donahoe

Reporter:: Janice Donahoe

Participant/s:: Janice Donahoe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Mar/18 5:35 PM

Updated:: 25/Apr/18 3:07 PM

Resolved:: 12/Apr/18 8:05 PM

i2b2 Core Software