Created by Shannon Deminick 12 Jul 2016, 15:55:45 Updated by Shannon Deminick 27 Feb 2018, 03:02:57
Subtask of: U4-7997
The AllowManuallyChangingPassword setting for membership providers is there for legacy backwards-compatibility reasons, and it is still true by default today. For security reasons this should be false, which forces a user (including admins) to enter their existing password before they can change it.
We will remove this setting in v8 so passwords can only be changed by knowing the previous password or by resetting it.
Priority: Task - Pri 2
Backwards Compatible: False
Due in version: 8.0.0