Support #13309
[SCP ID :##6510##] : User still can login with the old password even though user already change the password
| Status: | Closed - End of life cycle | Start date: | November 07, 2022 | ||
|---|---|---|---|---|---|
| Priority: | Normal | Due date: | |||
| Assignee: |  Zahir Abd Latif | % Done: | 50% | ||
| Category: | - | Spent time: | - | ||
| Target version: | - |
Description
Hi,
Kindly attend below request:-
Please help, during the implementation of IWT Bifast Batch 5, env d2stgfastportapp01 there were findings, namely:
1. The first scenario, the admin has reset the password for the user participant. user participant has changed his password and successfully logged in.
2. the second scenario is the user logs in with the old password, the result should be an error cannot login but still successfully login.
3. BI did a test in Production with the same scenario and it turned out that they still managed to log in with the old password.
History
#1
Updated by Bramantyo Pujo Wiyono almost 2 years ago
- Status changed from New - Begin Life Cycle to Investigation
- % Done changed from 0 to 50
After investigation i found that LDAP stil caching the old password around 15-30 min, during this period the user can login using new password and old password.
#2
Updated by Tan Lee Yong over 1 year ago
- Status changed from Investigation to Development / Work In Progress
- Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
#3
Updated by Tan Lee Yong over 1 year ago
- Status changed from Development / Work In Progress to Closed - End of life cycle
Issued resolved.