[wp-trac] [WordPress Trac] #20140: Ask old password to change user password

WordPress Trac noreply at wordpress.org
Tue Apr 28 11:33:29 UTC 2015


#20140: Ask old password to change user password
------------------------------------------+-----------------------------
 Reporter:  nprasath002                   |       Owner:
     Type:  feature request               |      Status:  assigned
 Priority:  normal                        |   Milestone:  Future Release
Component:  Security                      |     Version:
 Severity:  normal                        |  Resolution:
 Keywords:  has-patch commit 2nd-opinion  |     Focuses:
------------------------------------------+-----------------------------

Comment (by stephenharris):

 As already mentioned, there are some difficulties in implementing this
 in a meaningful way. An attacker who gains access to an admin account
 could do any of the following (even if this ticket is resolved):

 1. Create a new user with admin capabilities
 2. Change the e-mail address and use WordPress' 'forgot password?' feature
 3. Access the plug-in/theme editor and do all sorts of nefarious things.

 (3) is a special case in my opinion. There seems to be little appetite to
 remove it from core, so if a site admin decides not to disable it, then
 they are accepting the security risk it entails. The only solution would
 be to password protect those pages also which would be awkward to
 implement.

 Leaving (3) aside, I think if this ticket were to be resolved (and I hope
 it would be), then we need to either password-protect the change of e-mail
 address or send a confirmation e-mail to the current e-mail address.
 Preferably giving the user a choice.

 Additionally a password should be required when creating a user / changing
 a user's role / changing a user's password (that is the password of the
 user making the changes, not the user affected by the changes).

 This may seem like a bit of a feature creep - but if this is to be
 implemented at all, we'd need to cover all bases. (Some interesting
 thoughts by Eric Mann related to this ticket here:
 http://ttmm.io/tech/sudo-in-wordpress/).

 I'd love to hear back from someone on the core team as to what the opinion
 on this ticket is. Is it a definite no-go? If not, would it be reasonably
 considered if it were developed as a 'feature plug-in'? Are there any
 immediate blockers a developer of said plug-in should be aware of? ;)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/20140#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
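The comment above sketches what a 'feature plug-in' for this ticket would have to cover: the acting user's own password is demanded before a password change, an e-mail change, a role change or the creation of a new user is saved. The following is an added example of that gate as a small WordPress plugin; it is not code from the ticket, from stephenharris, or from WordPress core, and every `rcp_`-prefixed name is an assumption made for illustration. It relies only on real core hooks and functions: `show_user_profile`, `edit_user_profile` and `user_new_form` to render the field, `user_profile_update_errors` (fired inside `edit_user()` after core's own validation and before the row is written) to veto the save, and `wp_check_password()` to verify the supplied password against the acting user's stored hash.

```php
<?php
/**
 * Plugin Name: Require Current Password (added example, not core code)
 * Description: Hypothetical feature plug-in sketch for Trac #20140. Requires the
 *              acting user's own password before sensitive user changes are saved.
 */

// All rcp_* names below are assumptions for this example, not WordPress APIs.

add_action( 'show_user_profile', 'rcp_render_field' ); // profile.php (own profile)
add_action( 'edit_user_profile', 'rcp_render_field' ); // user-edit.php (someone else)
add_action( 'user_new_form',     'rcp_render_field' ); // user-new.php

function rcp_render_field() {
    ?>
    <table class="form-table" role="presentation">
        <tr>
            <th><label for="rcp_current_password">Your current password</label></th>
            <td>
                <input type="password" name="rcp_current_password" id="rcp_current_password"
                       class="regular-text" autocomplete="current-password" />
                <p class="description">
                    Required to change a password, e-mail address or role, or to create a user.
                </p>
            </td>
        </tr>
    </table>
    <?php
}

// edit_user() fires this after its own pass1/pass2 and e-mail validation and
// before wp_insert_user()/wp_update_user(); adding an error aborts the save.
add_action( 'user_profile_update_errors', 'rcp_check_current_password', 10, 3 );

function rcp_check_current_password( $errors, $update, $user ) {
    if ( ! rcp_is_sensitive_change( $update, $user ) ) {
        return; // Display name, bio, etc.: no extra prompt needed.
    }

    // Verify the password of the user making the change, not of the user
    // being edited: an admin editing someone else confirms with their own.
    $actor    = wp_get_current_user();
    $supplied = isset( $_POST['rcp_current_password'] )
        ? (string) wp_unslash( $_POST['rcp_current_password'] )
        : '';

    if ( '' === $supplied || ! wp_check_password( $supplied, $actor->user_pass, $actor->ID ) ) {
        $errors->add(
            'rcp_bad_password',
            '<strong>Error</strong>: Please enter your own current password to confirm this change.'
        );
    }
}

// Decide whether the submitted form touches anything worth re-authenticating for.
function rcp_is_sensitive_change( $update, $user ) {
    if ( ! $update ) {
        return true; // Creating a user (covers point 1 in the comment).
    }
    if ( ! empty( $_POST['pass1'] ) ) {
        return true; // A new password was submitted.
    }

    $existing = get_userdata( $user->ID );
    if ( ! $existing ) {
        return true; // Fail closed if the target cannot be loaded.
    }
    if ( isset( $user->user_email ) && $user->user_email !== $existing->user_email ) {
        return true; // E-mail change (closes the 'forgot password?' route in point 2).
    }
    if ( isset( $user->role ) && ! in_array( $user->role, (array) $existing->roles, true ) ) {
        return true; // Role change.
    }
    return false;
}
```

Two caveats a practitioner would want noted. First, `user_profile_update_errors` only guards the wp-admin forms: the REST API `wp/v2/users` endpoints and XML-RPC call `wp_insert_user()`/`wp_update_user()` directly, so a complete feature plug-in would also have to filter those paths (for example via `rest_pre_insert_user`) or the gate can be walked around with an authenticated REST request. Second, the plug-in/theme editor (point 3 in the comment) is untouched, exactly as the comment says; the usual answer is `define( 'DISALLOW_FILE_EDIT', true );` in wp-config.php rather than a password prompt.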

