+2

User password change to require old password

k0xak 2 years ago 0

When user attempts to change his password he is not being required to type his old password.

This is serious security issue.

Password reset from should require old one.