Steps to reproduce:
- Log in to ConnectALL version 3.2.0 as CA admin.
- Navigate to User Management.
- Create one user (any role) in User Management with a password and email address.
- Now log in to ConnectALL as the newly created user.
- The password change page will be displayed on successful login.
- Change the password (e.g., P@55word) and save.
- Now, try to log in as the user with the changed password.
- Now log out.
- Click the forgot password option.
- Enter the respective user name and click the send button.
- The reset link will be sent to the registered email address.
- Click that link and the reset password page will be displayed.
- Enter the same password/old password that you used earlier and click reset password.
Expected Results:
The same/old password should not be allowed to be set for the user in the next password change. The same/old password should be allowed again only after the password history count has been exceeded; this count is 10 by default and can be changed.
Actual Results:
The same/old password can be set multiple times through the forgot password option (password reset link).
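
The sketch below is an added example, not ConnectALL code. It shows one way to avoid this class of bug by routing both the normal password change and the reset-link flow through a single history check. All names (`Account`, `reset_password`, `token_ok`) are hypothetical, and reset-token validation is reduced to a boolean.

```python
import hashlib
import hmac
import os

HISTORY_COUNT = 10  # default history count from the report; configurable (must be >= 1)

class PasswordReuseError(ValueError):
    """Raised when the new password is still inside the history window."""

def _digest(password, salt):
    # PBKDF2 is used here only as an illustrative salted password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, history_count=HISTORY_COUNT):
        self.history_count = history_count
        self.history = []  # (salt, digest) pairs, newest last
        self._store(password)

    def _store(self, password):
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        del self.history[:-self.history_count]  # keep only the newest N entries

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def verify(self, password):
        return self._matches(password, self.history[-1])

    def _set_password(self, new_password):
        # Single choke point: every flow that sets a password passes through here.
        if any(self._matches(new_password, e) for e in self.history):
            raise PasswordReuseError("password was used recently")
        self._store(new_password)

    def change_password(self, current, new_password):
        if not self.verify(current):
            raise PermissionError("current password is wrong")
        self._set_password(new_password)

    def reset_password(self, token_ok, new_password):
        # token_ok stands in for real reset-link token validation (assumption).
        if not token_ok:
            raise PermissionError("invalid or expired reset token")
        self._set_password(new_password)
```

With this structure the reset-link path cannot skip the history check, because it has no other way to store a password.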