Welcome to Geeklog, Anonymous Tuesday, March 21 2023 @ 07:42 pm EDT

Lost password

  • Tuesday, April 23 2002 @ 10:48 pm EDT
  • Contributed by:
  • Views: 5,584
Security I noticed that when we lose a password, geeklog will send us a new \'system-generated\'password. I have one concern, with the ease of requesting for new password.

GL does not verify if you are truly the user requesting for new password. As such, a prankster can look for a list of users ie. Admin etc and request for a new password for the person. It would be a pain if the this becomes a day to day affair.

Are there any plugins patches that we can add to help identify the user ie mom\'s maiden name or something along those lines?

Thank you.