Able to use the same/old password for multiple times in the forgot password - reset link in ConnectALL

Article ID: 276739

Products

ConnectALL

Issue/Introduction

Steps to reproduce:

  1. Log in to ConnectALL version 3.2.0 as CA admin.
  2. Navigate to User Management.
  3. Create a user (any role) in User Management with a password and email address.
  4. Log in to ConnectALL as the newly created user.
  5. The password change page is displayed on successful login.
  6. Change the password (e.g. P@55word) and save.
  7. Log in as the user with the changed password.
  8. Log out.
  9. Click the forgot password option.
  10. Enter that user's user name and click the send button.
  11. The reset link is sent to the registered email address.
  12. Click the link; the reset password page is displayed.
  13. Enter the same/old password that you used earlier and click reset password.

Expected Results:

The same/old password should not be accepted at the user's next password change. An old password should become usable again only after the password history count has been exceeded; the count is 10 by default and can be changed.

Actual Results:

The same/old password can be set multiple times through the forgot password option (password reset link).
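The expected behaviour implies one password-history check shared by the change-password page and the reset link. The Python below is an added example, not ConnectALL code: the `Account` class, the function names, the PBKDF2 hashing and the `token_valid` flag are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_COUNT = 10  # default history count given in the article; configurable

class PasswordReuseError(ValueError):
    """Raised when a candidate password is still inside the history window."""

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is this example's choice; the page does not say how the product hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password: str, history_count: int = HISTORY_COUNT):
        # (salt, hash) pairs, oldest first; the last entry is the current password.
        self.history = deque(maxlen=history_count)
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _hash(password, salt)))

    def verify(self, password: str) -> bool:
        salt, digest = self.history[-1]
        return hmac.compare_digest(_hash(password, salt), digest)

    def set_password(self, new_password: str) -> None:
        # Single enforcement point: re-hash the candidate under every stored salt.
        for salt, digest in self.history:
            if hmac.compare_digest(_hash(new_password, salt), digest):
                raise PasswordReuseError("password is in the history window")
        self._store(new_password)

def change_password(account: Account, old: str, new: str) -> None:
    if not account.verify(old):
        raise PermissionError("current password incorrect")
    account.set_password(new)

def reset_password(account: Account, token_valid: bool, new: str) -> None:
    # token_valid stands in for reset-link validation, which is out of scope here.
    if not token_valid:
        raise PermissionError("invalid or expired reset link")
    account.set_password(new)  # same history check as change_password
```

Because both entry points call `set_password`, a regression test that replays steps 6 to 13 against `reset_password` fails as soon as the reset path stops consulting the history.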

Environment

3.2.0

Cause

DE78275

Resolution

DE78275 is addressed in 3.2.0.1