Able to use the same/old password multiple times in the forgot password - reset link in ConnectALL
Article ID: 276739
Products
ConnectALL
Issue/Introduction
Steps to reproduce:
1. Log in to ConnectALL version 3.2.0 as CA admin.
2. Navigate to User Management.
3. Create one user (any role) in User Management with a password and email address.
4. Log in to ConnectALL as the newly created user.
5. The password change page is displayed on successful login.
6. Change the password.
7. Try to log in as the user with the changed password.
8. Log out.
9. Click the forgot password link.
10. Enter the respective user name and click the send button.
11. The reset link is sent to the registered email address.
12. Click that link; the reset password page is displayed.
13. Enter the same password/old password that you used earlier and click reset password.
Expected Results:
The same/old password should not be accepted when the user next sets a password. A same/old password should become usable again only after the password history count has been exceeded; the count is 10 by default and can be changed.
Actual Results:
The same/old password can be set multiple times through the forgot password option (password reset link).
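
One way to implement the behaviour described under Expected Results, as an added Python sketch that is not ConnectALL's code: the change-password flow and the reset-link flow both go through a single history check, so neither can bypass it. The class and handler names, the PBKDF2 work factor, and counting the current password as one of the history entries are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_COUNT = 10        # default history count stated in the article
PBKDF2_ROUNDS = 100_000   # assumed work factor for this sketch


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Salted hashes of a user's current and previous passwords (hypothetical class)."""

    def __init__(self, history_count: int = HISTORY_COUNT):
        # deque(maxlen=N) drops the oldest entry once N are stored.
        # Assumption: the current password counts as one of the N entries.
        self._entries = deque(maxlen=history_count)

    def was_used(self, candidate: str) -> bool:
        # Every entry has its own salt, so the candidate is re-derived per entry.
        # All entries are compared (no early exit), each in constant time.
        hit = False
        for salt, stored in self._entries:
            hit |= hmac.compare_digest(_digest(candidate, salt), stored)
        return hit

    def set_password(self, new_password: str) -> bool:
        """Single enforcement point: returns False and stores nothing on reuse."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _digest(new_password, salt)))
        return True


# Hypothetical handlers. The two flows differ only in how the caller is
# authenticated (current password vs. emailed reset token); both end in
# the same set_password() call, so the history rule applies to both.
def change_password(history: PasswordHistory, current_ok: bool, new_password: str) -> bool:
    return current_ok and history.set_password(new_password)


def reset_password(history: PasswordHistory, token_ok: bool, new_password: str) -> bool:
    return token_ok and history.set_password(new_password)
```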