From 2314495acf103fc45486a59d6543454ccd8f4363 Mon Sep 17 00:00:00 2001
From: Mary Umoh
Date: Wed, 30 Aug 2017 14:23:56 -0400
Subject: Bug 1394915- Protect against 2FA by-pass in reset_password.cgi
---
 reset_password.cgi | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'reset_password.cgi')
diff --git a/reset_password.cgi b/reset_password.cgi
index fb095c27d..3b0e36849 100755
--- a/reset_password.cgi
+++ b/reset_password.cgi
@@ -25,6 +25,8 @@ my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $template = Bugzilla->template;
 my $dbh = Bugzilla->dbh;
 
+ThrowUserError('reset_password_denied') unless $user->password_change_required;
+
 if ($cgi->param('do_save')) {
 my $token = $cgi->param('token');
 check_token_data($token, 'reset_password');
-- 
cgit v1.2.3-24-g4f1b
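Review bot: The added `ThrowUserError('reset_password_denied') unless $user->password_change_required;` guard has no comment, although per the commit subject it is the line that stops this page from being used to bypass 2FA; a later cleanup could drop it as redundant after `LOGIN_REQUIRED`. I would put `# Security (Bug 1394915): this page is only for users flagged for a forced password change; without this check it could be used to bypass 2FA.` directly above it. The guard keys on `password_change_required` alone, so whether an MFA-enrolled account that does carry the flag is still challenged before the `do_save` branch cannot be seen from this hunk and is worth confirming. This view is limited to `reset_password.cgi`, so also check that the `reset_password_denied` tag is defined in the user-error template and that a regression test covers the denied case; the script body continues past the end of the hunk.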