Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Bug with 'reset' password type
After the reset, it fails to change the password type from 'reset' to 'vanilla', so the user gets locked into an endless reset loop.
The fix is really easy. Change /applications/dashboard/models/class.usermodel.php @ line 1462 From
to
The fix is really easy. Change /applications/dashboard/models/class.usermodel.php @ line 1462 From
$this->SQL->Update('User')->Set('Password', $Password)->Where('UserID', $UserID)->Put();
to
$this->SQL->Update('User')->Set('Password', $Password)->Set('HashMethod', 'vanilla')->Where('UserID', $UserID)->Put();
1