
When changing password or email address, require to type old password #2932

Closed
mattab opened this Issue Feb 15, 2012 · 3 comments

Comments

@mattab
Member

mattab commented Feb 15, 2012

If you leave Piwik open and logged in, anyone accessing the computer could change the email address or the password. Changing the email address would allow one to "reset" the password.

Therefore, as an extra security measure, we should require the old password to change the password or the email address.

When changing other settings, inputting the password wouldn't be necessary.

@mattab mattab added this to the 2.x - The Great Piwik 2.x Backlog milestone Jul 8, 2014

@mattab mattab added T: Task labels Jul 8, 2014

@mattab mattab removed the P: normal label Aug 3, 2014

@mattab

Member Author

mattab commented Sep 4, 2014

see also #6125

@mattab mattab added Lower priority and removed Lower priority labels Dec 5, 2016

@mattab mattab modified the milestones: Long term, Mid term Dec 5, 2016

@mattab

Member Author

mattab commented Sep 3, 2018

Rather than typing the old password in the page, maybe on submit it could redirect to the login form with only the password field and ask to enter the password there? (Like GitHub does.)

@mattab mattab modified the milestones: Backlog (Help wanted), 3.7.0 Sep 3, 2018

@mattab mattab removed the Lower priority label Sep 3, 2018

@mattab

Member Author

mattab commented Oct 2, 2018

Also, and this is important:

  • the API that updates the password (e.g. at least the updateUser API) will need to enforce the same protections, i.e. require the user's password as a parameter before changing the user password

otherwise an attacker could easily write an XSS that calls the API to change the password and bypass the "Enter your password" protection.
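The pattern the comment asks for, as an added example that is not Piwik's own code: a single re-authentication check that the password and email changes go through, placed in the API method itself rather than only in the UI form, so a script-driven call to the API cannot skip it. The `api_update_user` function, the `ReauthRequired` exception and the in-memory `USERS` store are hypothetical stand-ins for the project's real updateUser API and user model.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory user store standing in for the real user table.
USERS = {}


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stand-in; a real deployment reuses the app's hasher.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_user(login: str, email: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[login] = {"email": email, "salt": salt, "hash": _hash_password(password, salt)}


def password_matches(login: str, password: str) -> bool:
    user = USERS[login]
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])


class ReauthRequired(Exception):
    """Sensitive change attempted without a valid current password."""


def _require_current_password(login: str, current_password) -> None:
    # Single choke point: the UI form handler and the public API both call
    # this, so a request forged from the browser (e.g. via XSS) cannot skip it.
    if current_password is None:
        raise ReauthRequired("current password required")
    if not password_matches(login, current_password):
        raise ReauthRequired("current password incorrect")


def api_update_user(login: str, *, password_confirmation=None,
                    new_password=None, new_email=None, alias=None) -> dict:
    """Hypothetical updateUser-style API: only password/email changes re-authenticate."""
    user = USERS[login]
    if new_password is not None or new_email is not None:
        _require_current_password(login, password_confirmation)
    if new_password is not None:
        user["salt"] = secrets.token_bytes(16)
        user["hash"] = _hash_password(new_password, user["salt"])
    if new_email is not None:
        user["email"] = new_email
    if alias is not None:
        user["alias"] = alias  # non-sensitive setting: no password needed
    return {"email": user["email"], "alias": user.get("alias")}
```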
