Page MenuHomePhabricator
Create Task
Maniphest T68793

Targeted forced password update
Open, MediumPublicFeature
Actions

Description

Use case: Some security breach at some other company that results in usernames/emails and passwords and/or hashes exposed. Users tend to reuse passwords across sites, thus, the security of their mediawiki password could also be compromised.

Thus, we could get access to that list of emails and force a password reset on their account on their next login. We'd also probably want the maint script to send the user an email when we do this.

Version: unspecified
Severity: enhancement

Details

Reference
bz66793

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:22 AM
bzimport added a project: MediaWiki-Maintenance-system.
bzimport set Reference to bz66793.
bzimport added a subscriber: Unknown Object (MLST).
greg created this task.Jun 18 2014, 4:32 PM
Krenair subscribed.Aug 17 2015, 1:37 PM

I think something like this was done in T56847

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 17 2015, 1:37 PM
lcawte subscribed.Dec 17 2016, 12:59 PM
Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 12:23 PM
Aklapper removed a subscriber: wikibugs-l-list.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits