Notify users during password reset/change process [Removed in Security Center 1.5]

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Use this property to enable end users to reset or change passwords using a self-service process.

    This property enables an end user to reset or change a password using a self-service process. Alternatively, your organization could implement a process that requires a service desk agent to reset passwords for end users. If a password change and or reset process doesn't notify users on password update, a bad actor may be able to lock that user out of their account without their knowledge. This would provide the bad actor more time to perform malicious activities. Ensure password reset process notifies users upon password change or reset.

    More information

    Attribute Description
    Configuration name pwd_process.change, pwd_process.reset
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Category Authentication
    Security risk
    • Severity score: 8.1
    • CVSS score: High
    • Security risk details: A bad actor may be able to lock a user out of their account without their knowledge if no notification is sent to them when a password change is reset.
    Dependencies and prerequisites None