TRIVIAL: new password should not be same as old password #16

Description

@agrimpandey

REPORTED BY TEAM SOCIAL OCTOPUS

Description: When modifying the account details, the password change is successful even if the user enters his old password. If the password field asks for a new password, only a new password should be accepted.

Severity: Trivial

Comments:
The user is able to enter the same old password in the new password input field and the account is updated successfully. The requirements and specifications/design planning document doesn't say that the new password can't be the same as the old password, but as the words "new password" suggest, the new password should be new.

Suggestions: I would suggest accessing the old password and checking in the frontend whether the new password entered by the user matches the old password. If so, do not allow the account update. Otherwise, allow the update.
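
A server-side form of the check this issue asks for, as an added example that is not the project's own code. It assumes the backend stores a salted PBKDF2 hash instead of the plaintext password, so the new password is compared by re-deriving it with the stored salt; the record fields, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this sketch


class PasswordReuseError(ValueError):
    """Raised when the submitted new password equals the current one."""


def derive(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, key); a fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def matches_stored(password: str, account: Dict[str, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = derive(password, account["salt"])
    return hmac.compare_digest(key, account["key"])


def new_account(password: str) -> Dict[str, bytes]:
    """Build a hypothetical account record holding only salt and derived key."""
    salt, key = derive(password)
    return {"salt": salt, "key": key}


def update_password(account: Dict[str, bytes], new_password: str) -> Dict[str, bytes]:
    """Reject a 'new' password that is the same as the stored one, else rehash."""
    if matches_stored(new_password, account):
        raise PasswordReuseError("new password must differ from the old password")
    return new_account(new_password)  # fresh salt on every change


if __name__ == "__main__":
    acct = new_account("constructed-old-pw")  # constructed sample value
    try:
        update_password(acct, "constructed-old-pw")
    except PasswordReuseError as exc:
        print("rejected:", exc)
    acct = update_password(acct, "constructed-new-pw")
    print("updated:", matches_stored("constructed-new-pw", acct))
```
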
