Security enhancements
(CORE-283)
|
|
| Status: | Resolved |
| Project: | i2b2 Core Software |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.7.10 |
| Type: | Sub-Task | Priority: | Major |
| Reporter: | Janice Donahoe | Assignee: | Janice Donahoe |
| Resolution: | Done | Votes: | 0 |
| Labels: | wikirelease | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participant/s: |
| Description |
|
Currently when a user changes their password they can enter the same password. In other words if their current password is demo, then they can enter demo as their "new" password. In 1.7.10 we introduce a new feature where administrators can enforce mandatory password changes. This bug creates a loophole around the requirement if users are able to reset their password to the same password.
This check will only be relevant to the current password and the new password that they are entering. |
| Comments |
| Comment by Janice Donahoe [ 12/Apr/18 ] |
|
Tested and is working correctly. When a user is changing their password, the system will verify the new password they are entering is not the same as their current password.
|
[CORE-300]