WebGUI - Email based password recovery allows resetting any users email - Content Management System | CMS | Open Source Content Management | Web Application Framework

Username Password

Home Features Download Partners Community Blog WebGUI 8

Community Support
WebGUI User Guides
Wiki
Forums
Report A Bug
Request Features
WebGUI TV
Add-ons and Plug-ins
Service Providers
webGUI in the news
Karma
API Docs
the people behind wg
webgui worldwide
Mascot
wallpapers
powered by icons
Sightings
WebGUI 8

View All Tickets

Email based password recovery allows resetting any users email (#8790)

Issue

With email based password recovery, the user can enter either a username or an email, and it will mail a link to reset that users password.

If both are entered however, it will send a link to reset the user to the email entered, even if the email doesn't match the user's. This allows you to reset the password for any user.

Attaching a patch for 7.4.

Fixed in 7.5.26, 7.6.1.

Solution Summary

Fixed in 7.5.26, 7.6.1.

Comments

Graham

10/9/2008 3:35 pm

Fixed in 7.5.26, 7.6.1.

Details

Ticket Status	Resolved
Rating
Submitted By	Graham
Date Submitted	2008-10-09
Assigned To	unassigned
Date Assigned	2021-01-09
Assigned By
Severity	Cosmetic (misspelling, formatting problems)
What's the bug in?	WebGUI Stable
WebGUI / WRE Version
URL	bugs/tracker/8790

Keywords

Related Files

email-password-recovery-7.4.diff

Ticket History

10/9/2008 8:35 PM	Resolved	Graham
10/9/2008 8:31 PM	Ticket created	Graham