Defect #32199

Security notification is not sent when an admin changes the password of users

Added by Go MAEDA about 1 month ago. Updated 20 days ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Email notifications
Target version:Candidate for next major release
Resolution: Affected version:

Description

Security notifications should be sent when admin changes a user's password in order to prevent admins from changing a user's password for malicious purposes.

See the table below. It describes the current behavior. Security notifications for change of email address are sent even when the change is made by admins. However, security notifications for change of password are not sent if the change is made by admins. The behavior is inconsistent.

by the user by admins
Change of password -
Change of email address

32199_change_password_by_admin.patch Magnifier (2.88 KB) Yuichi HARADA, 2019-10-08 06:42

History

#1 Updated by Yuichi HARADA about 1 month ago

Go MAEDA wrote:

Security notifications should be sent when admin changes a user's password in order to prevent admins from changing a user's password for malicious purposes.

+1
Security notification is send when an admin changes the password of users.
I attached a patch.

#2 Updated by Go MAEDA 20 days ago

  • Target version set to Candidate for next major release

Also available in: Atom PDF