Possible Password Security Issue
Posted: Wed Nov 16, 2005 9:51 pm
It seems that password security was slightly overlooked in one non-technical aspect:
If a Group has the Permission to Modify Users, that Group can change anyone's password - not just their own.
I think this could cause problems, especially for my governmental client, where I will be giving each official an initial password that they will be allowed to change. I don't think that I will be able to allow them to change their passwords, lest they gain the capacity to change others'.
Otherwise, thanks for a great product.
Note: I am currently using 0.11beta3. If this problem was corrected in a more recent version, I apologize.