• I am completely shocked to find out that when I’m logged into ww.wp.xz.cn I can change the password for my account without having to type it in again.

    If for whatever reason my sign out process does not go through, anyone could change my account’s email address and password without needing to input my password again.

    This is a serious security breach as it is so easy to exploit.

    Please fix this guys.

    And also, why is it that I can’t reply to individual comments in threads?

    On other forums, I can reply to a specific comment someone’s made on my thread, whereas here, the only option I have is to reply to the whole thread, and I can’t quote the post I’m actually wanting to reply to.

    Isn’t that stupid?

    What if I only want to get notifications to replies to my own posts but not the whole thread that I posted to?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I am completely shocked to find out that when I’m logged into ww.wp.xz.cn I can change the password for my account without having to type it in again.

    *Looks*

    Where’s that exactly? If you scroll down on this link https://ww.wp.xz.cn/support/profile/alrightalready/edit you should see this.

    [Screenshot: 2016 02 24 18 05 54 WordPress Support jdembowski]

    Two password fields and a strength meter. It doesn’t ask for your current password though. If you are concerned about passersby changing your password while you’re away, you can always lock your PC/Mac/what have you.

    Or do you mean on your own self-hosted site?

    And also, why is it that I can’t reply to individual comments in threads?

    On other forums, I can reply to a specific comment someone’s made on my thread, whereas here, the only option I have is to reply to the whole thread, and I can’t quote the post I’m actually wanting to reply to.

    These are support forums. The conversation is supposed to be linear to address the topic that the original poster created. These are not community forums for creating tangent conversations. There already are places like that such as https://www.reddit.com/r/WordPress

    These forums are due for an upgrade to a more current version of bbPress. I do not have any ETA for that, but when that happens you will see more modern reply options.

    Thread Starter alrightalready

    (@alrightalready)

    I am indeed referring to the requirement to enter the current password when changing the password as there are multiple possibilities of this being taken advantage of.

    Just going to the toilet while at work and leaving everything on is one for example, if one has “unhappy” work colleagues.

    Or the sign out process not working due to browser issues when a user wants to log out, thinks they’ve logged out, but they aren’t actually logged out.

    I’ve experienced this issue with portal.office.com many times as I’m an Office365 admin, I’d want to sign out, but the browser would take ages to sign me out, and, then, even fail to do so at one point.

    And, anyways, it’s not that hard to add that field in now, is it? You guys are ww.wp.xz.cn after all, aren’t you?

    In terms of replies to posts, the only way that something can be followed in a linear fashion is if that feature is present.

    Otherwise, no one knows to whose reply who has said what.
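
The control requested in the post above (asking for the current password before a password or email change) can be sketched as follows. This is an added example, not part of the thread and not WordPress or bbPress code; the `Accounts` class, its method names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash the real site uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """Toy in-memory account store (hypothetical, not WordPress code)."""

    def __init__(self):
        self.users = {}     # name -> {"salt", "hash", "email"}
        self.sessions = {}  # session token -> name

    def register(self, name, password, email):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash(password, salt), "email": email}

    def verify(self, name, password):
        user = self.users[name]
        return hmac.compare_digest(user["hash"], _hash(password, user["salt"]))

    def login(self, name, password):
        if name not in self.users or not self.verify(name, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = name
        return token

    def update_credentials(self, token, current_password, new_password=None, new_email=None):
        """Change password and/or email. A live session alone is not enough:
        the caller must also prove knowledge of the current password."""
        name = self.sessions.get(token)
        if name is None:
            return "not-logged-in"
        if not self.verify(name, current_password or ""):
            return "reauth-failed"  # covers the unattended or never-closed session
        user = self.users[name]
        if new_password:
            user["salt"] = os.urandom(16)
            user["hash"] = _hash(new_password, user["salt"])
        if new_email:
            user["email"] = new_email
        return "ok"
```
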

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    In terms of replies to posts, the only way that something can be followed in a linear fashion is if that feature is present.

    Can you clarify what you mean by that? The forum runs smoothly if people create their own threads to discuss their own issues, rather than discussing their issues in someone else’s thread.

    Thread Starter alrightalready

    (@alrightalready)

    I’m not talking about multiple issues in one thread, but inside a conversation, being able to reply to the 2nd post for example, and having my reply appear immediately after that, instead of it appearing at the bottom of the thread after the 10th post for example.

    It’s an abstract example, but it saves time.

The topic ‘Password reset loophole’ is closed to new replies.