Ticket #165 (Fixed)Sun Feb 24 11:57:47 UTC 2008
Hub "forgotten password" form is case-sensitive
Reported by: | Andrew Hodgkinson (6) | Severity: | Normal |
Part: | Web site: Hub (single sign-on mechanism) | Release: | 2nd public site release |
Milestone: | 2nd public site release completed | Status | Fixed |
Details by Andrew Hodgkinson (6):
The “forgotten password” page is case-sensitive; if an e-mail address with the wrong case is input, the system will say it can’t find your address. However, the sign-up page is (correctly) case-insensitive, so it will refuse to add an account which the “forgotten” page says doesn’t exist.
This was intended as a security measure but it’s probably a misguided one; the “forgotten” form should probably ignore the case of the e-mail address given by the user.
Changelog:
Modified by Andrew Hodgkinson (6) Wed, February 25 2009 - 19:32:26 GMT
- Status changed from Open to Fixed
Fixed in Changeset #260.