U4-8723 - Remove the AllowManuallyChangingPassword flag for users/members - this used to be for backwards compat reasons only

Created by Shannon Deminick 12 Jul 2016, 15:55:45 Updated by Shannon Deminick 27 Feb 2018, 03:02:57

Subtask of: U4-7997

The AllowManuallyChangingPassword setting for membership providers is there for old legacy backwards compat reasons, and still today it is true by default. For security reasons this should be false, which forces a user to enter their existing password before they can change it (including admins).

We will remove this setting in v8 so passwords can only be changed by knowing the previous password or by resetting it.
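An audit check for existing sites, added here as an example and not part of the ticket or of Umbraco's own code: it lists the membership providers in a web.config that still allow a password change without the existing password. It assumes the flag is set as an attribute on the provider's `<add>` element, matches the attribute name case-insensitively, and treats a missing attribute as enabled, following the ticket's statement that the setting is true by default; the sample config and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragment (not from the ticket); other
# provider attributes are trimmed for brevity.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="UmbracoMembershipProvider">
      <providers>
        <clear />
        <add name="UmbracoMembershipProvider" allowManuallyChangingPassword="true" />
        <add name="UsersMembershipProvider" allowManuallyChangingPassword="false" />
        <add name="LegacyProvider" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

FLAG = "allowmanuallychangingpassword"  # compared in lower case


def audit_membership_providers(config_xml, default_when_missing=True):
    """Return (provider name, reason) for every membership provider that
    lets a password be changed without supplying the existing one."""
    root = ET.fromstring(config_xml)
    findings = []
    # Only look under <membership>; <roleManager> also has providers/add.
    for membership in root.iter("membership"):
        for add in membership.findall("providers/add"):
            attrs = {k.lower(): v.strip().lower() for k, v in add.attrib.items()}
            name = add.get("name", "<unnamed>")
            if FLAG not in attrs:
                # Assumption taken from the ticket: absent means true.
                if default_when_missing:
                    findings.append((name, "flag absent, default applies"))
            elif attrs[FLAG] == "true":
                findings.append((name, "flag explicitly true"))
    return findings


if __name__ == "__main__":
    for provider, reason in audit_membership_providers(SAMPLE_WEB_CONFIG):
        print(f"{provider}: {reason}")
```

Pass `default_when_missing=False` when the installed version is known to default the flag to false.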

Priority: Task - Pri 2

Type: Bug

State: Open

Difficulty: Normal

Backwards Compatible: False

Due in version: 8.0.0