Reset password still valid after first login
|Reported by:||rinon||Owned by:||hasienda|
|Severity:||normal||Keywords:||needinfo password reset|
After a user (or admin on behalf of the user) resets their password, logs in with their temporary password and is forced to change their password, the user is still able to log in later with that temporary password. Shouldn't AccountManager clear out any password_reset attributes on password change?
Change History (4)
comment:3 Changed 3 years ago by hasienda
- Priority changed from normal to low
- Type changed from enhancement to defect