New and Old Password Both Work in Picketbox Authentication
Issue
- New and old passwords work
- Once new password is used, old stops working
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP) 6 or 7
- Picketbox security
cache-type="default"
orcache-type="infinispan"
- Existing, unexpired session authenticated with old password
- Password changed after session began
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.