From: "Michael Gerber" <gerbermichi(a)me.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt; Cc: keycloak-dev(a)lists.jboss.org Sent: Tuesday, 20 January, 2015 5:42:49 PM Subject: Re: [keycloak-dev] Password reset is possible with expired link - KEYCLOAK-980 Thank you! I found another bug which is very critical. This one allows users to login as any user, even as an administrator with all privileges... https://issues.jboss.org/browse/KEYCLOAK-983 Am 20. Januar 2015 um 15:41 schrieb Stian Thorgersen <stian(a)redhat.com&gt;: Absolutely, pretty nasty one! ----- Original Message ----- From: "Michael Gerber" <gerbermichi(a)me.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Tuesday, 20 January, 2015 3:37:14 PM Subject: [keycloak-dev] Password reset is possible with expired link -      KEYCLOAK-980 Hi, can you fix this issue in 1.1.0 Final? https://issues.jboss.org/browse/KEYCLOAK-980 Thank you Michael _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev