Bug 572150
Opened 14 years ago
Closed 13 years ago
Require Immediate Password Change for New Admin Accounts
Categories
(Websites Graveyard :: drumbeat.org, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mcoates, Unassigned)
Details
(Whiteboard: [infrasec:auth])
Issue

A new user receives the initial password to their account via email. Drumbeat recommends that the user immediately change their password but does not require it. As a result, it is possible that a user may continue to use the initial password, which may be exposed in the email service or have been exposed during clear text email transfer to the user.

Recommended Remediation

Configure the system so that a new admin account (either by new account creation or granting of admin rights to an existing account) is forced to immediately change their initial password upon first login.
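The recommended control as an added Python example (not code from the bug report, Drumbeat or Drupal): login returns a change-required state for any admin account still on its emailed initial password, whether it was created as admin or promoted later. `AccountStore`, its method names and the PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def _digest(password, salt):
    # PBKDF2 parameters are illustrative, not taken from the bug.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """Hypothetical in-memory store; not Drumbeat or Drupal code."""

    def __init__(self):
        self.users = {}

    def create(self, name, initial_password, is_admin=False):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _digest(initial_password, salt),
                            "is_admin": is_admin, "initial": True}

    def grant_admin(self, name):
        self.users[name]["is_admin"] = True

    def _verify(self, name, password):
        user = self.users.get(name)
        if user is None:
            return None
        ok = hmac.compare_digest(user["hash"], _digest(password, user["salt"]))
        return user if ok else None

    def login(self, name, password):
        user = self._verify(name, password)
        if user is None:
            return "denied"
        # Covers both cases in the report: an account created as admin and an
        # existing account promoted while still on its emailed password.
        if user["is_admin"] and user["initial"]:
            return "change_required"  # caller must allow only the change form
        return "ok"

    def change_password(self, name, old, new):
        user = self._verify(name, old)
        if user is None or hmac.compare_digest(old.encode(), new.encode()):
            return False  # wrong current password, or the password was reused
        user["salt"] = os.urandom(16)
        user["hash"] = _digest(new, user["salt"])
        user["initial"] = False
        return True
```

The application has to treat `change_required` as an unauthenticated state for everything except the password-change form; otherwise the gate is advisory, which is the behaviour the report describes.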
Comment 1•13 years ago
Drupal based version drumbeat.org has been retired. This is not an issue on the current version (we do not send passwords via email).
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Updated•12 years ago
Group: websites-security
Updated•9 years ago
Product: Websites → Websites Graveyard