[wp-trac] [WordPress Trac] #20140: Ask old password to change user password
WordPress Trac
noreply at wordpress.org
Tue Sep 24 02:00:34 UTC 2013
#20140: Ask old password to change user password
------------------------------------------+-----------------------
 Reporter:  nprasath002                   |       Owner:
     Type:  feature request               |      Status:  assigned
 Priority:  normal                        |   Milestone:  3.7
Component:  Security                      |     Version:
 Severity:  normal                        |  Resolution:
 Keywords:  has-patch commit 2nd-opinion  |
------------------------------------------+-----------------------
Changes (by nacin):
* keywords: has-patch dev-feedback => has-patch commit 2nd-opinion
Comment:

I could go for this. [attachment:20140.3.diff] is a clean-up.

I guarantee it'll take only a few days for us to receive a security report
that states an administrator can simply create a new user, then log in as
that user to change the first administrator's password. At the same time,
though, that obviously could already happen.

This is designed for better user security for sub-administrator roles.
Which is good, because they're commonly being used in attacks.

I'm going to put this on the agenda for Wednesday's meeting. Marking for
commit (dev-wise) pending feedback as to whether we want this.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/20140#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software