Hey!
We had a security audit and they pointed out that changing an users password doesn't require the current password.
Is there a configuration or such that would enable requiring of the current password when an user is changing a password?
Thanks,
Jakke