View Issue Details

IDProjectCategoryView StatusLast Update
0023509mantisbtsecuritypublic2019-01-26 12:52
Reporterdregad Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
Summary0023509: Generate a random string when resetting password, or allow admin to define it
Description

When e-mail notifications are disabled (i.e. $g_enable_email_notification = OFF), the user's password is set to blank when reset by an administrator.

This is not secure, and it would be preferable to set it to a random string (shown once to the admin), or to let the admin assign a password himself.

Additional Information

Such a feature was proposed previously (see PR https://github.com/mantisbt/mantisbt/pull/751)

It is also available as a plugin (for Mantis 1.2 only as of this writing): https://github.com/mantisbt-plugins/AdminSetPassword (see 0015658).

TagsNo tags attached.

Relationships

related to 0015658 closeddregad How can administrators change passwords of users? 
related to 0023507 closeddregad Users can't change their password when it is blank 

Activities

cproensa

cproensa

2019-01-26 12:52

developer   ~0061301

other related PR:
https://github.com/mantisbt/mantisbt/pull/1451