XF 2.2 User password edited by other user account

O

Old Time RockenRoll

Member
xf 2.2.9
User 1 was banned 6 months ago.
User 2, which come to find out is a second account for user 1, edited the password for user 1. What went wrong and how to correct this so it does not happen again?

1661665650913.webp
 
Sort by date Sort by votes
Weird. I thought only an admin could edit another user's password. Interested to see what the resolution on this is. I am assuming coldcases is the one you think is a sock for the banned user?
 
Upvote 0 Downvote
That's easy to explain :)

There was a password reset email sent for the banned account. When you set a new password while logged in with another account, that other account shows up in the change log.

So, no need to be afraid. ;)
 
Upvote 0 Downvote
If that were the case and he was logged in under user 2, the user log would show user 2 changed user 2 password. Not user 2 changed user 1 password.

VBX Co said:
Have you checked the permissions of user coldcases - to make sure that haven't inadvertently been given moderator/admin privileges?
Click to expand...
I found that "Use inline moderation on threads / posts" had wrong permissions
 
Upvote 0 Downvote
Please try for yourself:
  1. Create 2 accounts
  2. Ban account1
  3. Logout or open an incognito window and go to /lost-password/
  4. Enter the email address of account1
  5. Login as account2
  6. Visit the password reset link, that you got for account1
  7. Change the password
Result: In the change log for account1 (the banned one) you will see account2 (the one you changed the password with) - exactly what happened on your forum.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

mjda
  • Solved
XF 2.2 Change log shows user password changed by another user
Replies
6
Views
641
Paul B
P
Back
Top Bottom