Hacker News new | ask | show | jobs
by Uvix 374 days ago
Don't you generally have to enter the current password to change it to a new one?
1 comments
TZubiri 374 days ago
Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.

That said, it means that you can skip this check by hacking around the front end check haha

link