[Tickets #10430] Forgot Password dialog presents empty security question if none is set
bugs at horde.org
bugs at horde.org
Tue Aug 16 10:52:37 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/10430
------------------------------------------------------------------------------
Ticket | 10430
Created By | Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de>
Summary | Forgot Password dialog presents empty security question
| if none is set
Queue | Horde Base
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de> (2011-08-16 10:52) wrote:
HOW TO REPRODUCE:
A user enters an alternate_email but no security question/answer.
He logs out and clicks "Forgot password".
He provides username and alternate email.
EFFECT:
He is presented an empty security question and an answer field which
does not accept any input (empty line complains about "required", any
input would not match backend content.
EXPECTED BEHAVIOUR:
Either do not present security question if none is set or forbid reset
self service if none is set. I would go for the former though there is
a slight potential of DoS in setups where alternate_email is
auto-set/required.
ACTION:
I would patch that according to "do not present security question if
none is set ".
Please post any disagreements.
More information about the bugs
mailing list