| Topic: | "Force password change" not happening |
| Severity: | Minor |
| Versions affected: | < 2.0.3 (1.9.x not affected) |
| Reported by: | Stephen Overall |
| Issue no.: | MDL-26803 |
| Solution: | Upgrade to 2.0.3 |
| Workaround: | After uploading users via CSV, force password change using bulk user actions |
Description:
This vulnerability allows new users, who were added via CSV, access without being required to change their password.