Kunena move to crowdin for the translations

Like announced in the release nots of the K6.4 RC4 release, Kunena project has moved to crowdin : crowdin.com/project/kunena-forum to manage translations from K6.4 and beyond. The RC4 release is the last version before the stable, so for all translators please update your translations on crowdin.

Transifex is keept for translations from K6.3 and the previous versions of Kunena.

Kunena 6.3.10 Released
The Kunena team has announce the arrival of Kunena 6.3.10[K 6.3.10] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x/5.2.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 and issues discovered during the last development stages of K 6.3
Note: Please go to the Kunena Dashboard after an upgrade so that the Kunena database tables are also updated.

This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Important Insecure change password page

Lelldorianx
Topic Author
Offline
New Member

13 years 9 months ago #1 by Lelldorianx

Insecure change password page was created by Lelldorianx

If anyone has a fix or plugin for this, please let me know!

I noticed today that the Kunena profile edit page (/profile/edit) is extremely insecure.

Expected behavior:

When changing a password, the user should be required to type in his or her current password. Alternatively, some other form of verification is recommended so that users don't get hacked (i.e., if User ABC leaves his account logged in on a computer and someone else accesses it, that person can then change the passwords and emails without any verification).

Current behavior:

When changing a password, the user need only type in the new password and apply.

Question: In order to resolve this, do I need to use a Joomla plugin to redo the password / registration system?

Please Log in or Create an account to join the conversation.

GoremanX
Offline
Premium Member
I've been shot!

13 years 9 months ago #2 by GoremanX

Replied by GoremanX on topic Re: Insecure change password page

That's not really a Kunena thing. It's the way Joomla works in general. Joomla handles all of the login and password management functions, not Kunena. Community Builder uses the same password management system too. I'm not aware if JomSocial has implemented a more secure way (as you describe).

THE place to discuss photography!
www.friendlyphotozone.com

Please Log in or Create an account to join the conversation.

Lelldorianx
Topic Author
Offline
New Member

13 years 9 months ago #3 by Lelldorianx

Replied by Lelldorianx on topic Re: Insecure change password page

Jomsocial is the same. Do you (or does anyone) know of any core joomla components that would fix this globally (i.e., in Kunena)?

Please Log in or Create an account to join the conversation.

Time to create page: 0.235 seconds