This repository has been archived by the owner on May 10, 2019. It is now read-only.

Password security

radet edited this page Jun 13, 2011 · 2 revisions

Fault in changing password scenario

Point out the fault

We have found a fault in the change-password scenario. Someone was able to have the invitation mail that is used to change another member's password sent to his own address. The consequence is that he could take over the other member's account.

The scenario is as follows:

Alice has the account "alice.dodgson" with the following e-mail address: "alice@wonderland.org". Malory also has an account and wants to steal Alice's. He sends an invitation for alice.dodgson, but to his own e-mail address, "malory@hell.com".

We have run the test in order to verify that there is a real fault. The two following screenshots show that there was a real problem to fix.

Solve the problem

First, we wrote an algorithm that we followed to solve the problem. We have reached our goal and the fault has disappeared. The following two screenshots show the result when someone tries to steal someone else's account.

The invitation is blocked.
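The fault described above and the corrected behaviour side by side, as an added illustration that is not the project's own code: the vulnerable flow lets the requester choose where the change-password token is mailed, while the fixed flow only mails the address registered on the account and blocks any other recipient. The account store, outbox and token handling are constructed stand-ins for the real application.

```python
import secrets

# Constructed sample account store: username -> registered e-mail address.
ACCOUNTS = {"alice.dodgson": "alice@wonderland.org", "malory": "malory@hell.com"}

# Constructed outbox standing in for the mail server: list of (recipient, body).
OUTBOX = []

# Pending change-password tokens: token -> username whose password it may change.
PENDING = {}


def send_mail(recipient, body):
    OUTBOX.append((recipient, body))


def invite_vulnerable(username, recipient_email):
    """Faulty flow: the caller chooses the recipient of the change-password mail.
    Malory can request a token for alice.dodgson and receive it at his own address."""
    if username not in ACCOUNTS:
        return None
    token = secrets.token_urlsafe(32)
    PENDING[token] = username
    send_mail(recipient_email, f"Change the password of {username}: {token}")
    return recipient_email


def invite_fixed(username, recipient_email):
    """Corrected flow: the mail only ever goes to the account's registered address.
    A request naming any other recipient is blocked (no token issued, no mail sent).
    Unknown users get the same answer, so the response does not reveal whether
    an account exists."""
    registered = ACCOUNTS.get(username)
    if registered is None or recipient_email.lower() != registered.lower():
        return None  # blocked
    token = secrets.token_urlsafe(32)
    PENDING[token] = username
    send_mail(registered, f"Change the password of {username}: {token}")
    return registered


def redeem(token):
    """Return the username whose password the token allows changing, consuming it."""
    return PENDING.pop(token, None)


def last_mail():
    """Recipient and body of the most recent mail, or None if nothing was sent."""
    return OUTBOX[-1] if OUTBOX else None
```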