Details
-
Bug
-
Status: Closed
-
Must
-
Resolution: Fixed
-
OpenMRS 1.9.2, Platform 1.11.0
-
None
Description
Go to 'My Profile'. Set secret question and answer to non-empty strings and save. Then change password and save. User's secret answer is deleted (you can see this in the database).
I'm going to assume this is a bug, rather than a security feature because
- There's no warning to the user
- It inadvertently re-instates the secret question because its on the same form
I think the problem is HibernateUserDAO.updateUserPassword(..) which saves a new LoginCredentials object for the user with nulls for secret question and answer.
Gliffy Diagrams
Attachments
Issue Links
- relates to
-
TRUNK-3709 Secret answer should be encrypted
-
- Closed
-
- testing discovered
-
GRV-35 Error with OpenMRS 1.11: A javascript error has occurred: [Ljava.lang.StackTraceElement; cannot be cast
-
- Closed
-