November Happy Hour will be moved to Thursday December 5th.
November Happy Hour will be moved to Thursday December 5th.
For editors and admins...no. You can set the new password without the old.
For your other users, that is solution specific and needs to be built by a developer. Normally you have a link to a "change password" function on your profile page. Add an extra field to gui and easiest is to use the membership provider method change password in the backend...
var ICanHazSuccess = System.Web.Security.Membership.Provider.ChangePassword("Daniel", "oldpass", "newpass");
Hi,
We recently found the same issue in a security audit. It has been reported to the support. I'll keep you posted about the outcome of it.
Thanks for the replies and Mattias for making a ticket for it.
In our case this is would be needed for editors and admins, figured that it would just be some sort of a setting in web.config to enable.
@MattiasBomelin
Hello again! Have you received any news regarding the ticket?
Sorry I haven't reported back here. Epi has accepted it as a bug and it's in their todo, no estimate on when it will be implemented though.
Hey!
We had a security audit and they pointed out that changing an users password doesn't require the current password.
Is there a configuration or such that would enable requiring of the current password when an user is changing a password?
Thanks,
Jakke