[buddypress-trac] [BuddyPress Trac] #6111: User can input old password as new
buddypress-trac
noreply at wordpress.org
Wed Jan 28 00:12:51 UTC 2015
#6111: User can input old password as new
----------------------------------------+-----------------------------
Reporter: slaFFik | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Settings | Version:
Severity: normal | Resolution:
Keywords: needs-patch good-first-bug |
----------------------------------------+-----------------------------
Comment (by henry.wright):
Just to chip in with my two pennies worth...
If a member has changed their password, then that indicates either a) they
had forgotten their old password or b) their old password had been
compromised. If it's the case of the latter and at a later date the member
again changes their password (this time to the old compromised password
perhaps forgetting it was compromised in the past) then that could pose a
security threat.
If remembering old passwords is a trivial thing to do then I'd opt for
that approach. That said, I'm now thinking that might be overkill.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6111#comment:4>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list