Reviewed:  https://review.openstack.org/50966
Committed: http://github.com/openstack/keystone/commit/3866991918beb818aa26aeab287a247f4732f6e7
Submitter: Jenkins
Branch:    milestone-proposed

commit 3866991918beb818aa26aeab287a247f4732f6e7
Author: Dolph Mathews <dolph.math...@gmail.com>
Date:   Thu Oct 10 10:36:00 2013 -0500

    set user_update policy to admin_required
    
    This changes the default policy.json to prevent users from changing
    their own attributes such as password, name, or default_project_id.
    
    Closes-Bug: 1237989
    Change-Id: I7de5fff3d72a76b78113e289c57a9fac2096395f


** Changed in: keystone
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1237989

Title:
  user can update his password without knowing the old password

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Identity (Keystone):
  Fix Released
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  A user logged into Horizon can change his password without needing to
  type in the correct old password. It's just required to type in
  anything as the old password.
