Topic: | "Force password change" not happening |
Severity: | Minor |
Versions affected: | < 2.0.3 (1.9.x not affected) |
Reported by: | Stephen Overall |
Issue no.: | MDL-26803 |
Solution: | Upgrade to 2.0.3 |
Workaround: | After uploading users via CSV, force password change using bulk user actions |
Description:
This vulnerability allows new users, who were added via CSV, access without being required to change their password.