Changing the Password
Created by: Moschn
Changing the password should also require the current password. Currently an attacker could steal a session token and then change the password and thus hijack the account.
To receive notifications about scheduled maintenance, please subscribe to the mailing-list gitlab-operations@sympa.ethz.ch. You can subscribe to the mailing-list at https://sympa.ethz.ch
Created by: Moschn
Changing the password should also require the current password. Currently an attacker could steal a session token and then change the password and thus hijack the account.