Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-5738

[useradm] require password prompt for changing email

    XMLWordPrintable

    Details

      Description

      An attacker that gets control of a session should not be able to change email (username) as it enables them to either do a password reset or block the real user from logging in again.

      See the linked security ticket for more details.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              olmi Alex Miliukov
              Reporter:
              olehermanse Ole Herman Schumacher Elgesem
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: