×
Blue Eagle 1.5.2 Released (Yesterday)

The Kunena team has announce the arrival of Kunena Blue Eagle 1.5.2 which is now available for download as a native Joomla extension for Kunena 5.1. This version addresses most of the issues that were discovered in K 1.5.1 and issues discovered during the development stages of K 1.5.2.

× This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Important Insecure change password page

More
7 years 6 months ago #1 by Lelldorianx
If anyone has a fix or plugin for this, please let me know!

I noticed today that the Kunena profile edit page (/profile/edit) is extremely insecure.

Expected behavior:

When changing a password, the user should be required to type in his or her current password. Alternatively, some other form of verification is recommended so that users don't get hacked (i.e., if User ABC leaves his account logged in on a computer and someone else accesses it, that person can then change the passwords and emails without any verification).

Current behavior:

When changing a password, the user need only type in the new password and apply.


Question: In order to resolve this, do I need to use a Joomla plugin to redo the password / registration system?

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #2 by GoremanX
That's not really a Kunena thing. It's the way Joomla works in general. Joomla handles all of the login and password management functions, not Kunena. Community Builder uses the same password management system too. I'm not aware if JomSocial has implemented a more secure way (as you describe).

THE place to discuss photography!
https://www.friendlyphotozone.com

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #3 by Lelldorianx
Jomsocial is the same. Do you (or does anyone) know of any core joomla components that would fix this globally (i.e., in Kunena)?

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.076 seconds