REPORTED BY TEAM SOCIAL OCTOPUS
Description: When modifying the account details, the password change is successful even if the user enters his old password. If the password field asks for a new password, only a new password should be accepted.
Severity: Trivial
Comments:
The user is able to enter the same old password in the new password input field and the account is updated successfully. The requirements and specifications/design planning document doesn't say that the new password can't be the same as the old password, but as the words "new password" suggest, the new password should be new.
Suggestions: I would suggest accessing the old password and checking in the frontend whether the new password entered by the user matches the old password. If so, do not allow account update. Otherwise, allow the update.
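
An added example, not part of the original report or the team's code: one way to enforce the "new password must be new" rule on the server, by checking the submitted password against the stored hash so the old password never has to be exposed to the frontend. The scrypt-based storage format, the function names and the sample passwords are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed storage format: per-user random salt plus scrypt hash, both hex-encoded.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// True when `candidate` hashes to the stored value. The comparison is
// constant-time so response timing does not leak how many bytes matched.
function matchesStored(candidate, stored) {
  const salt = Buffer.from(stored.salt, "hex");
  const expected = Buffer.from(stored.hash, "hex");
  const actual = crypto.scryptSync(candidate, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Hypothetical account-update step: reject the change when the "new"
// password is the one already on file, otherwise return a fresh record.
function changePassword(stored, newPassword) {
  if (matchesStored(newPassword, stored)) {
    return {
      ok: false,
      reason: "new password must differ from the old password",
      record: stored, // unchanged
    };
  }
  return { ok: true, reason: null, record: hashPassword(newPassword) };
}

// Constructed sample account and inputs.
const account = hashPassword("Octopus-2019!");
const reused = changePassword(account, "Octopus-2019!");
const fresh = changePassword(account, "Squid-2020?");
console.log("reuse accepted:", reused.ok, "-", reused.reason);
console.log("fresh accepted:", fresh.ok);
```

A frontend comparison can still be used for quick user feedback, but the server-side check is the one that holds when requests bypass the form.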