Admin Password can be reset by others admin users

Question

Admin Password can be reset by others admin users

Closed this issue 2 years ago · 2 comments

If a user have a admin role, can password reset the admin default user. It will be better that the password of the admin user will not be reseteable.

Answer 1 · 2022-03-18T13:51:03.000Z

Yes, that´s the way it is implemented now. I depends on the perspective. Otherwise the admin account is not "recoverable" if you cannot reset it by another admin user. But I understand you point. I may think about it.

Answer 2 · 2022-06-10T15:16:28.000Z

If changed the behaviour so that the admin user will not be shown in the user list for other admins. This way other admins cannot update the default admin user. See latest release version 2.8.3