Normally when presenting the opportunity to change a password, a user is required to provide the current password in addition to the new. It ensures the one changing the password already knows the password.
According to Olaf Ritman, Blackboard Academic Suite 6, 7, 8 and Learn 9 ignore asking for the current password. Can anyone with access to one of these confirm?
We run Blackboard Vista 3 and 8. Neither have this particular issue. Since our product is the end of the line and Learn is the future, I pay a little more attention to what is happening on the other side of the academic house.
Any thoughts on the scale of this as a security risk? Olaf makes the point any user leaving the browser logged into the site could have their password changed.