Roundup Tracker - Issues

Message7627

Author rouilj
Recipients rouilj
Date 2022-08-01.02:10:16
Message-id <1659319816.99.0.506547765647.issue2551228@roundup.psfhosted.org>
In-reply-to

https://github.com/OWASP/ASVS/blob/master/4.0/en/0x11-V2-Authentication.md#v21-password-security-requirements requirements numbered 2.2.3 and 2.5.5

recommend that changes to email addresses or password credentials result in
notification to the user. They prefer a push system, but notification
to an email address can work.

To implement: a reactor that monitors primary email or password changes and emails
the user at:

   old and new primary email address about email address changes
   current primary email address for password change

Some text similar to:

  Your (email|password) has changed on the xyz tracker. If you authorized this
  change you do not need to do anything. If this change is unauthorized,
  please notify the admin at .....

should be sent.

History

Date                 User    Action  Args
2022-08-01 02:10:17  rouilj  set     recipients: + rouilj
2022-08-01 02:10:16  rouilj  set     messageid: <1659319816.99.0.506547765647.issue2551228@roundup.psfhosted.org>
2022-08-01 02:10:16  rouilj  link    issue2551228 messages
2022-08-01 02:10:16  rouilj  create
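
The reactor proposed in the message above, sketched as an added example; it is not part of the original issue and not Roundup's own code. The names `TEMPLATE`, `plan_notifications` and `notify_credential_change` are hypothetical, and the block assumes the stock user class (`address`, `password`), Roundup's detector interface (`init(db)`, `db.user.react`), `Mailer.standard_message` and the `TRACKER_NAME`/`ADMIN_EMAIL` config options.

```python
# Added example, not Roundup's own code; see the assumptions in the lead-in.
TEMPLATE = ("Your %(what)s has changed on the %(tracker)s tracker. If you "
            "authorized this change you do not need to do anything. If this "
            "change is unauthorized, please notify the admin at %(admin)s.")


def plan_notifications(old, new, tracker, admin):
    """Return [(recipients, subject, body)] for one user 'set' event."""
    # old/new map property name -> value before/after the change.
    # Assumption: a property missing from old is treated as unchanged.
    def message(what, recipients):
        body = TEMPLATE % {"what": what, "tracker": tracker, "admin": admin}
        return (recipients, "Your %s has changed" % what, body)

    planned = []
    new_addr = new.get("address")
    if "address" in old and old["address"] != new_addr:
        # Both addresses are told, so the previous mailbox still hears of it.
        recipients = [a for a in (old["address"], new_addr) if a]
        planned.append(message("email", recipients))
    # Compare string forms: hashed password objects may not define equality.
    if "password" in old and str(old["password"]) != str(new.get("password")):
        if new_addr:
            planned.append(message("password", [new_addr]))
    return planned


def notify_credential_change(db, cl, nodeid, oldvalues, send):
    """Reactor body; send(to_list, subject, body) delivers one message."""
    if not oldvalues:  # 'create' events carry no old values
        return []
    new = {p: cl.get(nodeid, p) for p in ("address", "password")}
    planned = plan_notifications(oldvalues, new, db.config.TRACKER_NAME,
                                 db.config.ADMIN_EMAIL)
    for to, subject, body in planned:
        send(to, subject, body)
    return planned


def init(db):
    # Imported lazily so the logic above can be exercised without Roundup.
    from roundup.mailer import Mailer

    def reactor(db, cl, nodeid, oldvalues):
        notify_credential_change(db, cl, nodeid, oldvalues,
                                 Mailer(db.config).standard_message)
    db.user.react("set", reactor)
```

When address and password change in the same update, the old address receives only the email-change notice, since the password notice goes to the current primary address as the message specifies.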