6.0.0-beta13
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
4/11/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#10430] Forgot Password dialog presents empty security question if none is set
*
Your Email Address
*
Spam protection
Enter the letters below:
.__.. .. .\ /. . | || ||\ | >< | | |__\|/\|| \|/ \|/\|
Comment
> HOW TO REPRODUCE: > A user enters an alternate_email but no security question/answer. > He logs out and clicks "Forgot password". > He provides username and alternate email. > > EFFECT: > He is presented an empty security question and an answer field which > does not accept any input (empty line complains about "required", any > input would not match backend content. > > EXPECTED BEHAVIOUR: > > Either do not present security question if none is set or forbid > reset self service if none is set. I would go for the former though > there is a slight potential of DoS in setups where alternate_email is > auto-set/required. > > ACTION: > > I would patch that according to "do not present security question if > none is set ". > Please post any disagreements.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers