0023509: Generate a random string when resetting password, or allow admin to define it

ID	Project	Category	View Status	Date Submitted	Last Update
0023509	mantisbt	security	public	2017-10-20 08:07	2019-01-26 12:52

Reporter	dregad	Assigned To
Priority	normal	Severity	feature	Reproducibility	N/A
Status	new	Resolution	open

Summary	0023509: Generate a random string when resetting password, or allow admin to define it
Description	When e-mail notifications are disabled (i.e. `$g_enable_email_notification = OFF`), the user's password is set to blank when reset by an administrator. This is not secure, and it would be preferable to set it to a random string (shown once to the admin), or to let the admin assign a password himself.
Additional Information	Such a feature was proposed previously (see PR https://github.com/mantisbt/mantisbt/pull/751) It is also available as a plugin (for Mantis 1.2 only as of this writing): https://github.com/mantisbt-plugins/AdminSetPassword (see 0015658).
Tags	No tags attached.

related to	0015658	closed	dregad	How can administrators change passwords of users?
related to	0023507	closed	dregad	Users can't change their password when it is blank

cproensa 2019-01-26 12:52 developer ~0061301	other related PR: https://github.com/mantisbt/mantisbt/pull/1451