Task #2320

open

When user is changing password IdM sometimes does not check validity of old password

Added by Petr Fišer almost 4 years ago.

Status: New
Priority: Normal
Assignee: Ondrej Husník
Category: Password
Target version: -
Start date: 06/11/2020
Due date:
% Done: 0%
Estimated time:
Owner:

Description

When a user changes their own password, they are prompted for the old password.
Correctness of this old password is, AFAIK, checked only against the IdM database.

This does not make sense in cases where IdM is configured to authenticate users against an end system (i.e. AD / LDAP).
In that case, IdM may not even know the user's password or may have a stale password to compare to.

This effectively cancels the check of the old password.

Shouldn't we start checking passwords against the same system as we authenticate the user against?
Probably will need some discussion.
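
The stale-password case from the description, as an added example that is not part of the ticket and not IdM code: the old password is checked once against the IdM database only and once against the system the user authenticates against. `CredentialStore`, both `check_old_password*` functions, the `"idm"`/`"ldap"` source names and the user and passwords are hypothetical and constructed; a real end-system check would be an LDAP/AD bind rather than a local hash comparison.

```python
import hashlib
import hmac
import os


class CredentialStore:
    """Constructed stand-in for one password verifier (IdM database or end system)."""

    def __init__(self):
        self._creds = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, self._digest(password, salt))

    def verify(self, user, password):
        if user not in self._creds:
            return False  # no password known here: fail closed
        salt, expected = self._creds[user]
        return hmac.compare_digest(expected, self._digest(password, salt))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_old_password_db_only(user, old, idm_db):
    # Behaviour the ticket describes: only the IdM database is consulted.
    return idm_db.verify(user, old)


def check_old_password(user, old, auth_source, verifiers):
    # Behaviour the ticket proposes: ask the system the user logs in against.
    verifier = verifiers.get(auth_source)
    if verifier is None:
        return False  # unknown authentication source: reject
    return verifier.verify(user, old)


def demo():
    idm_db, end_system = CredentialStore(), CredentialStore()
    idm_db.set_password("jdoe", "Spring-2019")      # stale copy held by IdM
    end_system.set_password("jdoe", "Autumn-2020")  # what jdoe logs in with
    verifiers = {"idm": idm_db, "ldap": end_system}
    return {
        "db_only_stale": check_old_password_db_only("jdoe", "Spring-2019", idm_db),
        "db_only_current": check_old_password_db_only("jdoe", "Autumn-2020", idm_db),
        "source_stale": check_old_password("jdoe", "Spring-2019", "ldap", verifiers),
        "source_current": check_old_password("jdoe", "Autumn-2020", "ldap", verifiers),
    }
```

With the database-only check the stale password passes and the password the user actually logs in with is rejected; routing the check by authentication source reverses both results.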
