Description
A SHA-encoded password is sent to the user when they request account details to be mailed to them.
Steps to reproduce
- From Login, enter an email address and submit via "Mail me my account data"
Details
MoinMoin Version |
1.3.4 |
OS and Version |
Debian sarge |
Python Version |
2.3.5 |
Server Setup |
Standalone CGI |
Server Details |
|
Workaround
Discussion
As MoinMoin does not store the plaintext password, it's probably best not to mail the user their password, just their login URL.
This is no bug, but the best (and only thing) we can do there. Login URLs (and auth cookies) are deprecated since long (they currently still work, but will be removed in 1.4). So sending an encrypted (but nevertheless WORKING) password string is the best thing we can do. -- ThomasWaldmann 2005-03-16 16:02:39
Plan
- Priority:
- Assigned to:
- Status: