rash805115/rnj

hack in forgot password feature

Opened this issue · 2 comments

(Sorry that the issue is not detailed) (Comment if you want a detailed version)

Currently the forgot password feature will open a new page that will let the user change the password. The users can misbehave with this. Suppose a user leaves his table with his computer on. So an attacker comes and requests a pass change by opening the pass change page. I want it to only open that page if the user has requested a pass change, and otherwise not.

For this I have to make a new column in the PASSWORD table whose value will be 1 if the password change is requested.

Not able to clearly understand the issue. Can you please elaborate a bit on it?

This is still hypothetical and very dependent on what I am writing and incomplete... I just wrote it here so that I won't forget. I won't be able to clarify it for you now. Sorry that you can't take this issue now. :(