View Issue Details

ID: 0008335
Project: mantisbt
Category: security
View Status: public
Last Update: 2013-10-27 08:15
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: duplicate
Product Version: 1.2.15
Summary: 0008335: Changing password should verify that user knows current password
Description

It is a common practice that when a user attempts to change his/her password, they have to confirm their knowledge of the current password. This prevents someone using the computer from changing passwords. This is specifically important with Mantis typically being used with long sessions (i.e. cookies don't expire quickly or never expire).

Tags: No tags attached.

Relationships

duplicate of 0014486 (closed, vboctor): Secure session login is false security while changing password does not require old password

Activities

ErikRoelofs

2012-08-30 10:10

reporter   ~0032729

This is especially important since the 'Manage' pages all require you to re-enter your password for safety reasons, but anyone can simply change the current user's password to something else to gain access to the Manage section anyway.

This probably requires a higher priority.
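
An added example of the control requested in this issue, not MantisBT's code and not written by either participant: the password change and the admin-page gate both go through one re-authentication check, so a logged-in session alone cannot reset the password. The function names and the sample user are hypothetical; only PHP's built-in password_hash() and password_verify() are assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample user; a real application would load the stored hash from its user table.
$user = ['id' => 42, 'password_hash' => password_hash('old-Passw0rd!', PASSWORD_DEFAULT)];

// One re-authentication check shared by every sensitive action, so the
// password change cannot be used to sidestep the prompt on admin pages.
function reauthenticate(array $user, string $suppliedPassword): void
{
    if (!password_verify($suppliedPassword, $user['password_hash'])) {
        throw new RuntimeException('Current password is incorrect.');
    }
}

// Hypothetical password-change handler: a valid session alone is not enough.
function change_password(array $user, string $current, string $new, string $confirm): array
{
    reauthenticate($user, $current); // proves knowledge of the current password
    if ($new !== $confirm) {
        throw new InvalidArgumentException('New password and confirmation differ.');
    }
    if ($new === '' || password_verify($new, $user['password_hash'])) {
        throw new InvalidArgumentException('Choose a new, non-empty password.');
    }
    $user['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return $user;
}

// Hypothetical admin-page gate using the same check.
function enter_manage_section(array $user, string $suppliedPassword): bool
{
    reauthenticate($user, $suppliedPassword);
    return true;
}

// Someone at an unlocked browser has the session but not the current password.
try {
    change_password($user, 'guess', 'someone-Else1', 'someone-Else1');
} catch (RuntimeException $e) {
    echo "Rejected: {$e->getMessage()}\n";
}

// The legitimate user supplies the current password, so the change succeeds.
$user = change_password($user, 'old-Passw0rd!', 'new-Passw0rd!', 'new-Passw0rd!');
var_dump(enter_manage_section($user, 'new-Passw0rd!')); // re-auth now checks the new hash
```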