[ZBXNEXT-3100] Security: user not prompted for old password when changing password Created: 2016 Jan 15  Updated: 2024 Dec 20  Resolved: 2023 Jan 23

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: 3.0.0beta1
Fix Version/s: 6.4.0beta6, 6.4 (plan)

Type: Change Request Priority: Minor
Reporter: Sandis Neilands (Inactive) Assignee: Dace Petra (Inactive)
Resolution: Fixed Votes: 4
Labels: password, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screenshot 2022-12-09 at 18.58.34.png     PNG File screenshot-1.png     PNG File screenshot-2.png    
Issue Links:
Causes
causes ZBX-22740 Internal user not detected properly Closed
causes ZBX-23497 Inconsistent behavior of empty passwo... Closed
causes ZBX-25778 Incorrect style for sound selection d... Closed
Duplicate
Sub-task
Team: Team B
Sprint: Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023)
Story Points: 1

 Description   

Usually entering the old password is mandatory when changing passwords. This is due to security reasons - so that somebody else doesn't change users password after session hijacking or user not logging-out and leaving the session open.

Currently Zabbix doesn't require this.

 Comments   
Comment by Alexei Vladishev [ 2022 Nov 02 ]

I just added it to Zabbix 6.4 roadmap, it will be implemented soon.

Comment by Dace Petra (Inactive) [ 2022 Dec 06 ]

Fixed in development branch feature/ZBXNEXT-3100-6.3

Comment by Dace Petra (Inactive) [ 2022 Dec 27 ]

Implemented in:

Comment by Arturs Dancis [ 2023 Jan 05 ]

Documentation (6.4) updated:

Generated at Tue Apr 01 08:22:33 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.