Opened 5 years ago

Closed 5 years ago

#5236 closed defect (fixed)

User somehow using the name 'forgot-password' which redirects to reset password page if clicked

Reported by: rickmastfan67
Owned by: rails-dev@…
Priority: critical
Milestone:
Component: website
Version:
Keywords:
Cc:


Could this be a security risk? (if not, please downgrade the 'priority')

Here's a link to a changeset that this user made:

If you click on his name in the 'Closed 19 days ago by' area, you are sent directly to the OSM password reset page (and if you're logged in, your e-mail is displayed in the reset box). Also, because of this username he's 'using' there is no way to see his main 'user' page like the profile of anybody else.

Change History (1)

comment:1 Changed 5 years ago by Tom Hughes

Resolution: fixed
Status: new → closed

Fixed in c83778d/rails
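
The behaviour reported in this ticket is what happens when a display name equals a fixed path segment that shares its URL position with the profile route. The following Ruby code is an added example, not the change made in c83778d/rails and not code from the project: it derives the reserved names from a route table and rejects display names that match one. Only `forgot-password` comes from the ticket; the other routes, the `:display_name` parameter and all function names are assumptions.

```ruby
require "set"

# Constructed route table for illustration. Only "forgot-password" comes from
# the ticket; the other paths and the :display_name parameter are assumptions.
ROUTES = [
  "/user/forgot-password",
  "/user/new",
  "/user/:display_name",
  "/user/:display_name/edit",
  "/changeset/:id"
].freeze

# Compare names in one canonical form so that case variants and Unicode
# compatibility variants (e.g. fullwidth letters) of a reserved word match too.
# This is deliberately stricter than exact route matching.
def canonical(name)
  name.unicode_normalize(:nfkc).strip.downcase
end

# Collect every literal segment that occupies the same URL position as the
# dynamic parameter under the same prefix: these are the values a user-chosen
# name could collide with.
def reserved_segments(routes, param)
  patterns = routes.map { |r| r.split("/").reject(&:empty?) }
  reserved = Set.new
  patterns.each do |pat|
    idx = pat.index(param) or next
    patterns.each do |other|
      next if other.equal?(pat) || other.length <= idx
      next unless other[0...idx] == pat[0...idx]
      seg = other[idx]
      reserved << canonical(seg) unless seg.start_with?(":")
    end
  end
  reserved
end

# Validation to run when a display name is created or changed.
def display_name_allowed?(name, reserved)
  c = canonical(name)
  !c.empty? && !reserved.include?(c)
end

RESERVED = reserved_segments(ROUTES, ":display_name")
```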
