[wp-trac] [WordPress Trac] #20140: Ask old password to change user password

WordPress Trac noreply at wordpress.org
Thu Aug 15 23:23:14 UTC 2013


#20140: Ask old password to change user password
-------------------------------------------------+-------------------------
 Reporter:  nprasath002                          |       Owner:  tman4506
     Type:  feature request                      |      Status:  accepted
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Security                             |  Review
 Severity:  normal                               |     Version:
 Keywords:  has-patch dev-feedback needs-        |  Resolution:
  refresh                                        |
-------------------------------------------------+-------------------------

Comment (by azaozz):

 Thinking more about this: when users change their own passwords typing the
 old password is more or less expected and adds some security.

 That's not the case when an admin is changing another user's password. The
 current patch also requires the admin to know the user's current password
 to be able to change it. That's not acceptable.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/20140#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list