Password Security Hole (3 posts)

  1. bbrainerd
    Posted 10 years ago #

    I find it kind of strange that it's possible to change a user's password without entering the old one. My site was hijacked a week or so ago because someone used an IE cache to log into WP, and then was able to change my passwords out from under me...

    Most other software requires you to know the old password before you can change to a new one. Might not be a bad thing to put in.

  2. James Huff
    Volunteer Moderator
    Posted 10 years ago #

    Please submit all security concerns through the proper non-public channels.


  3. chaaban
    Posted 10 years ago #

    if they have access to your account it mean you allready got hijacked , its not the fact that a user have to enter the old pass that will solve this prob .

Topic Closed

This topic has been closed to new replies.

About this Topic