Security issue: changing password shouldn't be this easy
devmuhnnad opened this issue · comments
Muhnnad Habib commented
Hello, thank you for this incredible project ❤️
Issue Type: Security
current behavior:
Currently, users have the ability to change their passwords easily by navigating to the settings section.
Expected behavior
Users should not be able to change their password unless they provide their old password or receive a code via email for verification. This additional security measure will prevent unauthorized password changes and enhance user account protection.
Thank you for addressing this security concern promptly. If you need any further information or clarification, please feel free to ask.
PART OF GTC OPEN SOURCE INITIATIVE
Praveen kusuluri commented
Can I work on this issue?