Changing passwords leads to user lock out but reveals password to public
Maybe you know about it as you said there are issues around passwords (if kept in DMX instead of LDAP). I tried to change a user's password. After that neither the old nor the new password worked, thus I was locked out. Logged out, I could search for the password and find it in clear text.
To reproduce:
- Log in as unprivileged user. Search for your account.
- Edit the password in the webclient. It is not hashed but saved in clear text.
- Log out, try to log in again with new or old password.
- Do not login. Search for password, select the topic type, show what's related.