[CORE-300] Do not allow current password to be used as new password - i2b2 JIRA

XML

Word

Printable

Details

Type: Sub-Task
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 1.7.10
Component/s: None
Labels:
- wikirelease

Description

Currently when a user changes their password they can enter the same password. In other words if their current password is demo, then they can enter demo as their "new" password. In 1.7.10 we introduce a new feature where administrators can enforce mandatory password changes. This bug creates a loophole around the requirement if users are able to reset their password to the same password.

This check will only be relevant to the current password and the new password that they are entering.

Attachments

Activity

People

Assignee:: Janice Donahoe

Reporter:: Janice Donahoe

Participant/s:: Janice Donahoe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Mar/18 5:35 PM

Updated:: 25/Apr/18 3:07 PM

Resolved:: 12/Apr/18 8:05 PM