dsajdak
commented
5 months ago Also, on further review the password is actually changed. If the user attempts to login with the new password, the authentication succeeds.
Open dsajdak opened 10 months ago
dsajdak
commented
5 months ago Also, on further review the password is actually changed. If the user attempts to login with the new password, the authentication succeeds.
When a user's password is expired, they're prompted to change it.
However, when attempting to do so they receive an error:
"something bad happened. Please contact site admin"The logs show either:
"Failed to change expired password for user" err="password does not conform to policy"but it does.or:
"Failed to change expired password for user" err="invalid current password"However the user was just authenticated using these credentials which initiated the password change process.