Vulnerability in EPiServer.Forms
Current version of EPiServer: CMS 5.1
I wanna chage user password, it's easy:
MemberShip.User = Membership.GetUser();
But how can I change password without supplying current password?
I know that I can retrivew current password using:
but I do not want to change membership configuration (this affects security).
How does EPiServer change password in Admin area (there are just two fields new password and confirm password)?!
I not want to reset password.
This is how we do it:
string temporaryPassword = membershipUser.ResetPassword(); membershipUser.ChangePassword(temporaryPassword, Password.Text);
Does this function work for episerver cms 4.62?
In 4.* version this works.
int SidID = X;UserSid userSid = UserSid.Load(SidID);string strPwd = "abcdefg123"userSid.SetPassword(strPwd);userSid.Save();