View Issue Details

IDProjectCategoryView StatusLast Update
0023509mantisbtsecuritypublic2019-01-26 12:52
Reporterdregad Assigned To 
Status newResolutionopen 
Summary0023509: Generate a random string when resetting password, or allow admin to define it

When e-mail notifications are disabled (i.e. $g_enable_email_notification = OFF), the user's password is set to blank when reset by an administrator.

This is not secure, and it would be preferable to set it to a random string (shown once to the admin), or to let the admin assign a password himself.

Additional Information

Such a feature was proposed previously (see PR

It is also available as a plugin (for Mantis 1.2 only as of this writing): (see 0015658).

TagsNo tags attached.


related to 0015658 closeddregad How can administrators change passwords of users? 
related to 0023507 closeddregad Users can't change their password when it is blank 




2019-01-26 12:52

developer   ~0061301

other related PR: