[wp-trac] [WordPress Trac] #32430: Users should be notified of password/e-mail changes
WordPress Trac
noreply at wordpress.org
Wed Jun 17 19:30:39 UTC 2015
#32430: Users should be notified of password/e-mail changes
-------------------------------------+--------------------------
Reporter: markjaquith | Owner: markjaquith
Type: task (blessed) | Status: closed
Priority: normal | Milestone: 4.3
Component: Security | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+--------------------------
Changes (by markjaquith):
* owner: => markjaquith
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"32820"]:
{{{
#!CommitTicketReference repository="" revision="32820"
Send emails when a user's email address or password is changed.
* In case of email change, email goes to the OLD address
* Prevents against issues where an account is compromised (say via cookie
interception) and then the attacker silently takes over ownership via
pw/email changes — now there will at least be a record that something is
up
fixes #32430
props RMarks, MikeHansenMe, tharsheblows, obenland
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32430#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list