Description
In Liferay Portal 7.1 CE GA1, users are normally required to enter their current password if they want to change their password. However, the requirement to enter the current password can be circumvented making users vulnerable to account hijacking.
Severity
Severity 2
Fixed Version(s)
Publication date: Mon, 12 Nov 2018 09:39:00 +0000