|Topic:||"Force password change" not happening|
|Versions affected:||< 2.0.3 (1.9.x not affected)|
|Reported by:||Stephen Overall|
|Solution:||Upgrade to 2.0.3|
|Workaround:||After uploading users via CSV, force password change using bulk user actions|
This vulnerability allows new users, who were added via CSV, access without being required to change their password.