We have admin ids used to recover userids passwords.
We have activated the check password option for these ids.
Using an obsolete admin id, I am able to recover a user password. Indeed, no certifier password to be entered.
No access to the server is required.
Only using the “obsolete” admin id.
Any clue to secure this process ?
Thanks in advance for your help.
Subject: extract password
You can change the setup and request that to recover a password, form a list of 5 administrators you will have to get the recovery password from at least 3
Subject: RE: extract password
Hey, that’s a very good answer !Thanks a lot !
Jean-Marc
Subject: RE: extract password
But the obsolete admin id can still recover old ids it created and which contains obsolete admin id information.Am I wrong ?