[CVE-2023-32302] Require password field to be non-empty

silverstripe · Jul 30, 2023 · 7b21b38 · 7b21b38
1 parent cb7be27
commit 7b21b38
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Security/Member.php b/src/Security/Member.php
@@ -731,7 +731,7 @@ public function getMemberPasswordField()
             $password->setRequireExistingPassword(true);
         }
 
-        $password->setCanBeEmpty(true);
+        $password->setCanBeEmpty(false);
         $this->extend('updateMemberPasswordField', $password);
 
         return $password;