Author: schaffner
Description:
If we send out an email to a new user with a random password (from Special:Userlogin) logged in as SysAdmin, then the user can log in with the
password in the email, but _also_ with an empty password!
This is no longer possible, once the user has logged in and reset his password.
Setting $wgMinimalPasswordLength in LocalSettings.php to a value other than 0 seems to fix this problem.
Version: 1.5.x
Severity: normal