[imp] Passwd Module: Security vulnerability ???

Ashwin Kotian ashwin at comstocksys.com
Tue Jul 15 18:21:42 PDT 2003


Hi AJ,

What does this parameter do ? And I anyway did try as you suggested, but I'm
still able to see the username displayed & change it to another username &
also change the password (since I know the other username's original
password).
Is there a way to totally disable the Username display so that even if I
know the original password I (as a normal user)cannot change the password
using this module while logged in from another regular account ?

Thanks,

Ashwin.


----- Original Message ----- 
From: "AJ" <aj at mindcrash.com>
To: <imp at lists.horde.org>
Sent: Tuesday, July 15, 2003 5:59 PM
Subject: Re: [imp] Passwd Module: Security vulnerability ???


> Sorry, this should be placed in passwd/config/conf.php
>
>
> At 08:58 PM 7/15/2003 -0400, AJ wrote:
> >Place this in config/conf.php
> >$conf['user']['change'] = false;
>
>
> -- 
> IMP mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>




More information about the imp mailing list