[rt-users] Autoreset Password

Hammad rt at brisksolutions.com
Mon Oct 18 17:43:40 EDT 2004


I have the following 'scrips' to get executed in "reset password" queue upon
creation of a new ticket, I was using RT 3.2.2. Here's the problem: Everytime
an un-privileged user resets his password, he gets an email back with his
password and the password for few other un-privileged users.(Huge Security
problem) Its Random, sometime he only gets his password and sometimes email has
few more usersname added to it. Help on this will be appreciated. BTW: this use
to work with RT 3.0.10

Subject: Your Password has been Reset

{*RT::User::GenerateRandomNextChar = \&RT::User::_GenerateRandomNextChar;

    if (($Transaction->CreatorObj->id != $RT::Nobody->id) &&
        my $user = RT::User->new($RT::SystemUser);
        my ($stat, $pass) = $user->SetRandomPassword();

        if (!$stat) {
                $OUT .=
           "An internal error has occurred. RT was not able to set a password
for you.
           Please contact your local RT administrator for assistance.";

    $out .= "

Your password has been RESET as you requested. Please do not reply to this
message or to this email address unless you want your password reset again.

If you have other issue and need to contact SYSADMIN.

Here is your password:

        Username: ".$user->Name."
        Password: ".$pass."

Thank you,
--------------------------End Scrips-------------------------


More information about the rt-users mailing list