by kfriede 3082 days ago
I don't believe it is, necessarily. The issue is that doing this action requires the admin to re-enter their credentials.

In this case, any credentials work, meaning that if a "guest" user (semi-trusted by the account owner, obviously using the owner's credentials) were attempting to change these settings, they could bypass the prompt with a bogus password, instead of the alternative, which requires the guest to ask the owner to enter their password.