@mattab opened this Issue on February 15th 2012 Member

If you leave Piwik open and logged in, anyone accessing the computer could change the email address or the password. Changing the email address would allow one to "reset" the password.

Therefore, as an extra security measure, we should require the old password to change the password or the email address.

When changing other settings inputting the password wouldn't be necessary.

@mattab commented on September 4th 2014 Member

see also #6125

@mattab commented on September 3rd 2018 Member

Rather than typing the old password in the page, maybe on submit it could redirect to the login form with only the password field and ask to enter the password there? (Like GitHub does)

@mattab commented on October 2nd 2018 Member

Also, and this is important:

  • the API that updates the password (e.g. at least the updateUser API) will need to enforce the same protections, i.e. require the user's password to be input as a parameter before changing the user's password

otherwise an attacker could easily write an XSS that calls the API to change the password and bypass the "Enter your password" protection.
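A minimal illustration of the enforcement point raised in the comment above, written in Python as an added example (not Piwik's own code): the current-password check lives in the single update function that both the settings form and the updateUser API call, so a request that reaches the API directly, without the confirmation, is rejected, while changes to non-sensitive settings still go through without it. The in-memory user store, the field names and the PBKDF2 hashing scheme are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store standing in for the users table.
# The salted PBKDF2 scheme is assumed for this example, not Piwik's own format.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {
    "alice": {
        "email": "alice@example.com",
        "salt": _SALT,
        "password_hash": hash_password("correct horse", _SALT),
        "default_report": "visits",
    }
}

UPDATABLE_FIELDS = {"password", "email", "default_report"}
# Only these changes must be confirmed with the current password.
SENSITIVE_FIELDS = {"password", "email"}

class PasswordConfirmationRequired(Exception):
    """Sensitive change attempted without a valid current password."""

def verify_current_password(user: dict, candidate: str) -> bool:
    # Constant-time comparison of the candidate's hash against the stored hash.
    return hmac.compare_digest(hash_password(candidate, user["salt"]), user["password_hash"])

def update_user(login: str, changes: dict, password_confirmation=None) -> dict:
    """Single entry point shared by the settings form and the API.

    Because the check is here rather than in the form, a direct API call
    (for instance one issued by script injected into the victim's browser)
    cannot skip it.
    """
    unknown = changes.keys() - UPDATABLE_FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    user = USERS[login]
    if SENSITIVE_FIELDS & changes.keys():
        if password_confirmation is None or not verify_current_password(user, password_confirmation):
            raise PasswordConfirmationRequired("current password required to change password or email")
    for field, value in changes.items():
        if field == "password":
            user["password_hash"] = hash_password(value, user["salt"])
        else:
            user[field] = value
    return user
```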
