We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I can use generated token multiple times to reset password. It should be invalidated after first successful password change!
Concerns: CKAN 2.3
The text was updated successfully, but these errors were encountered:
@KrzysztofMadejski absolutely, you're right. Do you have time to submit a fix?
For security related issues like this one please send your future reports to security@ckan.org
Sorry, something went wrong.
sorryy, I will use it in the future!
I see it's already PRed.
[#2370] add reset for reset_key on successful password change
b928ed8
Adapted for this branch tests
Looks like this was fixed, also its targeting old release. Closing
wardi
No branches or pull requests
I can use generated token multiple times to reset password. It should be invalidated after first successful password change!
Concerns: CKAN 2.3
The text was updated successfully, but these errors were encountered: