Disallow low user password reset timeout, impose reasonable minimum

Open on Drupal.org →

Created on 18 April 2024, 2 months ago

Updated 29 April 2024, about 2 months ago

Problem/Motivation

Discovered in 📌 Add validation constraints to user.settings Needs work .

@see https://git.drupalcode.org/project/drupal/-/merge_requests/7412#note_298722

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task

Status

Active

Version

11.0 🔥

Component

User module →

Last updated about 8 hours ago

Maintained by
🇺🇸United States @moshe weitzman
🇧🇪Belgium @kristiaanvandeneynde

Created by

🇮🇳India omkar.podey

Live updates comments and jobs are added and updated live.

Security improvements
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Merge Requests

!7646Disallow low user password reset timeout, impose reasonable minimum
Open
Unnamed author
updated 2 months ago

Comments & Activities

Issue created by @omkar.podey
Comment 2 months ago →
🇮🇳India omkar.podey
Comment 2 months ago →
🇳🇿New Zealand quietone New Zealand
Comment 2 months ago →
🇮🇳India pradhumanjainOSL
pradhumanjain2311 → made their first commit to this issue’s fork.
Merge request !7646Issue #3441772: Increase min password reset timeout in User.schema.yml → (Open) created by Unnamed author
Pipeline finished with Success
2 months ago
Total: 988s
#153111
Comment about 2 months ago →
🇧🇪Belgium Wim Leers Ghent 🇧🇪🇪🇺
The exact minimum is TBD. I propose 5 minutes, which is far safer than the current minimum of … no minimum (which realistically allows one attempt per second, given a form must be submitted and an e-mail received).

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024