What steps will reproduce the problem?
1. Create an account
2. Receive temp password by email
3. Login with temp password which forces you to change password
4. New password is sent in email
What is the expected output? What do you see instead?
User selected passwords should not be sent by email. I did not check the
code, but I also expect the the password is stored as a hash instead of
encrypted or even in clear.
What version of the product are you using?
Revision 596
Please provide any additional information below.
Original issue reported on code.google.com by psta...@gmail.com on 29 Apr 2008 at 1:06
Original issue reported on code.google.com by
psta...@gmail.comon 29 Apr 2008 at 1:06