  1. Confluence Data Center
  2. CONFSERVER-9818

"Forgot password" function allows easy misuse

Details

    Description

      The "Forgot password" function invents a new password and sends it by email.

      This invites misuse, as guessing the userid is already enough to annoy or even lock out the legitimate account owner. (The user may currently not have access to his email account, or the mail could be killed by a spam filter.)

      Possible solutions could be that the old password remains valid until changed by the user himself, or a new password is only generated when the user acknowledges having received the email.

            People

              Unassigned
              Alfred Nathaniel
              Votes: 4
              Watchers: 3
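A sketch of the two solutions proposed in the description, combined into one flow. It is an added example, not Confluence code and not part of the original report: requesting a reset only issues a mailed, single-use, expiring token, and the stored password changes only when that token is presented. The `AccountStore` class, its method names and the one-hour token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # seconds; assumed lifetime of a reset token

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """In-memory stand-in for a user directory (hypothetical, for illustration)."""
    def __init__(self):
        self.users = {}    # userid -> (salt, password hash)
        self.resets = {}   # sha256(token) -> (userid, expiry time)

    def set_password(self, userid, password):
        salt = secrets.token_bytes(16)
        self.users[userid] = (salt, _pw_hash(password, salt))

    def check_password(self, userid, password):
        if userid not in self.users:
            return False
        salt, stored = self.users[userid]
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def request_reset(self, userid, now=None):
        """Return a token to e-mail to the owner; the stored password is NOT touched."""
        if userid not in self.users:
            return None  # caller should show the same response either way
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.resets[digest] = (userid, now + TOKEN_TTL)  # only the hash is stored
        return token

    def complete_reset(self, token, new_password, now=None):
        """Change the password only when the mailed token is presented in time."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.resets.pop(digest, None)  # single use: consumed on first try
        if entry is None or now > entry[1]:
            return False
        userid = entry[0]
        self.set_password(userid, new_password)
        # Invalidate any other outstanding tokens for this account.
        self.resets = {d: e for d, e in self.resets.items() if e[0] != userid}
        return True
```

With this flow, someone who only knows the userid can cause a mail to be sent but cannot change or invalidate the owner's current password.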