[buddypress-trac] [BuddyPress Trac] #6111: User can input old password as new

buddypress-trac noreply at wordpress.org
Wed Jan 28 00:12:51 UTC 2015

#6111: User can input old password as new
 Reporter:  slaFFik                     |       Owner:
     Type:  defect (bug)                |      Status:  new
 Priority:  normal                      |   Milestone:  Future Release
Component:  Settings                    |     Version:
 Severity:  normal                      |  Resolution:
 Keywords:  needs-patch good-first-bug  |

Comment (by henry.wright):

 Just to chip in with my two pennies worth...

 If a member has changed their password, then that indicates either a) they
 had forgotten their old password or b) their old password had been
 compromised. If it's the case of the latter and at a later date the member
 again changes their password (this time to the old compromised password
 perhaps forgetting it was compromised in the past) then that could pose a
 security threat.

 If remembering old passwords is a trivial thing to do then I'd opt for
 that approach. That said, I'm now thinking that might be overkill.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6111#comment:4>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list