Contributed by: barrywong Tuesday, April 23 2002 @ 10:48 pm EDT
I noticed that when we lose a password, geeklog will send us a new \'system-generated\'password. I have one concern, with the ease of requesting for new password.
GL does not verify if you are truly the user requesting for new password. As such, a prankster can look for a list of users ie. Admin etc and request for a new password for the person. It would be a pain if the this becomes a day to day affair.
Are there any plugins patches that we can add to help identify the user ie mom\'s maiden name or something along those lines?