Enforce password reset on api requests [Updated in Security Center 1.5]
Manage how the password reset functionality operates on your instance.
When a user is marked for Password needs reset, they must provide a new password at the next authentication attempt. This property controls whether the password reset is mandatory before making API calls. If this property is not set to the recommended value of true, user accounts marked as Password needs reset can still perform operations by querying the table API through basic authentication. This security vulnerability could enable information leakage if an inactive account is compromised.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.authenticate.api.user.reset_password.mandatory |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | boolean |
| Recommended value | true |
| Default value | false |
| Category | Session management |
| Security risk |
|
| Dependencies and prerequisites | None |