SourceForge has been redesigned. Learn more.
Close

#121 Password email is missing

v1.5.1_RC1+
closed-fixed
6
2003-03-12
2003-03-09
No

First of all I'd like to thank all the developers of yabbse
fo creating this reliable, fast, easy-to-use, and oveall
nice program.

Version: yabbse 151

Problem description: When a user changes their email
address, a new, randomly generated password is sent to
the new address. This works all right. BUT when the
user changes the password at the same time, the
password is not generated, but the new email address
and the newly given password are valid.

Correct functionig: would be in this case, that a new
password is generated and sent to the new email
address.

Risk: medium security. When exploited, the whole email
address validation is ignored.

Regards,
George

Discussion

  • George Brown

    George Brown - 2003-03-09
    • priority: 5 --> 6
     
  • David Recordon

    David Recordon - 2003-03-11
    • assigned_to: mediman --> unknownbrackets
     
  • Unknown W. Brackets

    • status: open --> closed-fixed
     
  • Unknown W. Brackets

    Logged In: YES
    user_id=633762

    This has been adressed and will be fixed in the next release.

     

Log in to post a comment.