diff options
| author | Mary Umoh <umohm12@gmail.com> | 2017-08-30 20:23:56 +0200 |
|---|---|---|
| committer | Dylan William Hardison <dylan@hardison.net> | 2017-08-30 20:23:56 +0200 |
| commit | 2314495acf103fc45486a59d6543454ccd8f4363 (patch) | |
| tree | 5e62801061cf216e768742188ae7f84bc731d879 /reset_password.cgi | |
| parent | 6e06bb255acdf53d2bbed3911378bd6859a0e3f0 (diff) | |
| download | bugzilla-2314495acf103fc45486a59d6543454ccd8f4363.tar.gz bugzilla-2314495acf103fc45486a59d6543454ccd8f4363.tar.xz | |
Bug 1394915- Protect against 2FA by-pass in reset_password.cgi
Diffstat (limited to 'reset_password.cgi')
| -rwxr-xr-x | reset_password.cgi | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/reset_password.cgi b/reset_password.cgi index fb095c27d..3b0e36849 100755 --- a/reset_password.cgi +++ b/reset_password.cgi @@ -25,6 +25,8 @@ my $user = Bugzilla->login(LOGIN_REQUIRED); my $template = Bugzilla->template; my $dbh = Bugzilla->dbh; +ThrowUserError('reset_password_denied') unless $user->password_change_required; + if ($cgi->param('do_save')) { my $token = $cgi->param('token'); check_token_data($token, 'reset_password'); |