
Let admins disable the password reset functionality #8521

Closed
rugk opened this issue Aug 8, 2015 · 14 comments
Labels
c: New plugin For features that probably will not be added to Matomo, but could be implemented as plugins. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.

Comments

@rugk

rugk commented Aug 8, 2015

Especially for small Piwik installations where only a few users have access to Piwik it's not really necessary to have a password recovery functionality. If a user should have lost his password, he can just ask another user (an admin of course) to reset the password.
So please make it possible to disable the password reset functionality.

@tsteur
Member

tsteur commented Aug 10, 2015

Can you explain why it would be not good to have it though? Are there concerns that it will be misused?

@rugk
Author

rugk commented Aug 10, 2015

Well it could be misused - probably, yes. Every input field could be a possible attack vector for XSS attacks.
But the point is that it's just not needed in a small team. A Piwik admin can just reset the password if a user should forget its password.
But admins should care about their password anyway. I mean you also have no password reset possibility for .htaccess, SQL Dumper or phpMyAdmin or such things - it's just not necessary. 😃

@rugk
Author

rugk commented Aug 10, 2015

And a user who knows the mail or username of a Piwik user can lock him out by just recovering his password and setting the password to some rubbish.

@mattab
Member

mattab commented Aug 10, 2015

And a user who knows the mail or username of a Piwik user can lock him out by just recovering his password and setting the password to some rubbish.

No, it is not possible. Before the password is changed, the user will have to click the link in the password reset email.

IMO we don't need this feature in core, so I'm closing. However disabling password reset could be done (I think quite easily) in a small new plugin.

@mattab mattab closed this as completed Aug 10, 2015
@mattab mattab added c: New plugin For features that probably will not be added to Matomo, but could be implemented as plugins. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it. labels Aug 10, 2015
@mgc8

mgc8 commented Jan 14, 2016

We just ran into an issue today on one of our Piwik installations where a malicious user attempted a password reset from the public server. Fortunately we caught it and discarded the message, however it is much too easy for someone to mistakenly click the approval link (even unintentionally as it's long enough to span three lines). Especially if the attackers spam the system with a lot of requests, it would DoS our inboxes if nothing else.

This would not be such a big issue if it wasn't a one click change, but as it is implemented now it is very insecure. Can you please allow this to be disabled (it can be a simple config line in global.ini) or at least point to the plugin that does it or how it should be deployed?

Thank you,
Mihnea

@rugk
Author

rugk commented Jan 14, 2016

That's a good real-world example of the consequences of such unnecessary features. I agree that the admin should be able to disable it.

@mgc8

mgc8 commented Oct 18, 2016

Hello, has there been any development on that plugin that was mentioned above? Or perhaps something that can be added in Piwik 3.0?

Thanks,
Mihnea

@mattab
Member

mattab commented Oct 18, 2016

There has been no development and it won't be done for Piwik 3.0 (as our team is too small & under resourced to tackle such issues)

@rugk
Author

rugk commented Oct 19, 2016

Anyway nice to see that other users would like to have this feature too.

@mgc8

mgc8 commented Oct 20, 2016

This is quite unfortunate, especially as you are trying to position Piwik as more of an "enterprise-ready" piece of software, as security details such as this can be a blocker to adoption. That being said though, as you will not work on this feature, could you please provide pointers to the best way this could be achieved with a plugin? From reading the plugin documentation, it seems it would be quite easy to add items to the interface but it's not very clear how one would go about removing functionality that is already present. It could perhaps work with some CSS/JS hack but that's not a clean way of doing it...

Any information will be appreciated.

Thank you,
Mihnea

@rugk
Author

rugk commented Oct 20, 2016

Well... why create a plugin? I think a PR would be superior - if Piwik accepts it.

@mgc8

mgc8 commented Oct 23, 2016

I was thinking about a patch as well, however the devs recommended a plugin in the conversation above so I was just going by their guidance (TBH it's been a while since I checked the Piwik code so I'm not sure what would be the easiest approach).

@sgiehl
Member

sgiehl commented Oct 25, 2016 via email

@mattab
Member

mattab commented Nov 3, 2016

I'd say it would be better for us if it was done in a plugin 👍
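The plugin approach the maintainers point to, as an added example that is not code from the Matomo/Piwik project or from any commenter: a minimal plugin that intercepts requests to the Login module's reset actions before they are dispatched and logs each blocked attempt, so the inbox-spam scenario mgc8 describes becomes visible in the application log. It assumes the core `Request.dispatch` event with by-reference `$module`/`$action` arguments, the Login controller action names `resetPassword` and `confirmResetPassword`, the static `Piwik\Log::warning()` helper, and a custom `[DisablePasswordReset]` section in `config.ini.php`.

```php
<?php
// plugins/DisablePasswordReset/DisablePasswordReset.php
// Added example plugin (not Matomo/Piwik core code). Blocks the Login module's
// password-reset flow at dispatch time unless an admin re-enables it in config.
namespace Piwik\Plugins\DisablePasswordReset;

use Piwik\Config;
use Piwik\Log;

class DisablePasswordReset extends \Piwik\Plugin
{
    /** Login controller actions that make up the reset flow (assumed action names). */
    const BLOCKED_ACTIONS = ['resetPassword', 'confirmResetPassword'];

    public function registerEvents()
    {
        // Fires for every request before the controller action runs (assumed event).
        return ['Request.dispatch' => 'blockPasswordReset'];
    }

    /**
     * Abort the request when it targets the reset flow. An admin can opt back in via
     * config.ini.php:
     *   [DisablePasswordReset]
     *   allow_password_reset = 1
     */
    public function blockPasswordReset(&$module, &$action, &$parameters)
    {
        if ($module !== 'Login' || !in_array($action, self::BLOCKED_ACTIONS, true)) {
            return; // not part of the reset flow, let it through
        }

        // Custom config section; Config::getInstance()->Section returns the ini section (assumed).
        $section = Config::getInstance()->DisablePasswordReset;
        if (!empty($section['allow_password_reset'])) {
            return; // explicitly re-enabled by the administrator
        }

        // Audit trail: repeated blocked attempts from one address stand out in the log.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        Log::warning(sprintf('Blocked password reset request: action=%s ip=%s', $action, $ip));

        // Stop dispatch; no reset email is generated and no token is issued.
        throw new \Exception('Password reset is disabled on this instance; contact an administrator.');
    }
}
```

Activate it like any other plugin (`Plugins[] = DisablePasswordReset` in `config.ini.php`); the "Forgot password" link can additionally be hidden in the UI, but the dispatch-time check is what actually prevents reset mails from being sent.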
