mirror of
https://github.com/jellyfin/jellyfin.git
synced 2026-07-16 05:43:54 +03:00
[Issue]: Password resets without entering old password #4611
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @matjako on GitHub (Feb 8, 2023).
Please describe your bug
When using WEB based clients I edit any user profile, if I leave "current password" and "new password" fields empty and press "save" above "reset password", the empty password is saved and the user has empty password set.
If I am logged in as admin and change other user profile, and both password fields are empty, pressing "save" also sets new empty password.
It appears no check is made if current password is correct.
If possible change behavior to not allow empty passwords and also change "save" to "save password". It is really easy to not scroll down the page and just click the first save button that you see.
Jellyfin Version
10.8.0
if other:
10.8.9
Environment
Jellyfin logs
No response
FFmpeg logs
No response
Please attach any browser or client logs here
No response
Please attach any screenshots here
No response
Code of Conduct
@cvium commented on GitHub (Feb 8, 2023):
This is web-specific and not server related.
Duplicate of #9208