@rugk opened this Issue on August 8th 2015

Especially for small Piwik installations where only a few users have access to Piwik it's not really necessary to have a password recovery functionality. If a user should have lost his password he can just ask another user (an admin of course) to reset the password.
So please make it possible to disable the password reset functionality.

@tsteur commented on August 10th 2015 Member

Can you explain why it would be not good to have it though? Are there concerns that it will be misused?

@rugk commented on August 10th 2015

Well it could be misued - probably, yes. Every input field could be a possible attack vector for XSS attacks.
But the point is that it's just not needed in a small team. A piwik admin can just reset the password if a user should forget it's password.
But admins should care about their password anyway. I mean you also have no password reset possibility for .htaccess, SQL Dumper or phpmyadmin or such things - It's just not necessary. :smiley:

@rugk commented on August 10th 2015

And a user who knows the mail or username of an Piwik user can lock him out by just recover his password and set the password to some rubbish.

@mattab commented on August 10th 2015 Member

And a user who knows the mail or username of an Piwik user can lock him out by just recover his password and set the password to some rubbish.

No, it is not possible. Before the password is changed, the user will have to click the link in the password reset email.

IMO we don't need this feature in core, so i'm closing. However disabling password reset could be done (I think quite easily) in a small new plugin.

@mgc8 commented on January 14th 2016

We just ran into an issue today on one of our Piwik installations where a malicious user attempted a password reset form the public server. Fortunately we caught it and discarded the message, however it is much too easy for someone to mistakenly click the approval link (even unintentionally as it's long enough to span three lines). Especially if the attackers spam the system with a lot of requests, it would DoS our inboxes if nothing else.

This would not be such a big issue if it wasn't a one click change, but as it is implemented now it is very insecure. Can you please allow this to be disabled (it can be a simple config line in global.ini) or at least point to the plugin that does it or how it should be deployed?

Thank you,

@rugk commented on January 14th 2016

That's a good real-world example of the consequences of such unnecessary features. I agree that the admin should be able to disable it.

@mgc8 commented on October 18th 2016

Hello, has there been any development on that plugin that was mentioned above? Or perhaps something that can be added in Piwik 3.0?


@mattab commented on October 18th 2016 Member

There has been no development and it won't be done for Piwik 3.0 (as our team is too small & under resourced to tackle such issues)

@rugk commented on October 19th 2016

Anyway nice to see that other users would like to have this feature too.

@mgc8 commented on October 20th 2016

This is quite unfortunate, especially as you are trying to position Piwik as more of an "enterprise-ready" piece of software, as security details such as this can be a blocker to adoption. That being said though, as you will not work on this feature, could you please provide pointers to the best way this could be achieved with a plugin? From reading the plugin documentation, it seems it would be quite easy to add items to the interface but it's not very clear how one would go about removing functionality that is already present. It could perhaps work with some CSS/JS hack but that's not a clean way of doing it...

Any information will be appreciated.

Thank you,

@rugk commented on October 20th 2016

Well... why create a plugin? I think a PR would be superior - if Piwik accepts it.

@mgc8 commented on October 23rd 2016

I was thinking about a patch as well, however the devs recommended a plugin in the conversation above so I was just going by their guidance (TBH it's been a while since I checked the Piwik code so I'm not sure what would be the easiest approach).

@sgiehl commented on October 25th 2016 Member

Feel free to create a PR for that.
As long as the changes are easy maintainable I don't think we won't merge it

@mattab commented on November 3rd 2016 Member

I'd say It would be better for us if it was done in a plugin :+1:

This Issue was closed on August 10th 2015
Powered by GitHub Issue Mirror