You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2023/05/05 09:06:00 UTC

[jira] [Commented] (OFBIZ-5618) Update Password

    [ https://issues.apache.org/jira/browse/OFBIZ-5618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17719758#comment-17719758 ] 

Jacques Le Roux commented on OFBIZ-5618:
----------------------------------------

Hi Michael,

I see this possiblity only at lines 831 to 833. It depends on password.lowercase security property. That's what you talk about?

> Update Password
> ---------------
>
>                 Key: OFBIZ-5618
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5618
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Yachna chadha
>            Assignee: Chenghu Shan
>            Priority: Major
>         Attachments: LoginServices.java
>
>
> In LoginServices.updatePassword there is a check to see if the Logged in User is equal to the user login the password is being changed for.  This check IS case sensitive.  Since the logged in User has already passed validations in signing in this check should NOT be case sensitive.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)