Details
- Bug
- Resolution: Won't Fix
- Medium
Description
Without having the new two-factor verification system enabled, I tried the new "ssh git@bitbucket.org password" command.
It let me change my password without even confirming the old password.
This worries me, because it means that if an SSH key on a remote machine (mostly used for deployment) is compromised, an attacker will be able to change my Bitbucket password without knowing my current password.
Please consider requiring the old password to be provided before accepting a password change. Or even better, provide an account setting for disabling the ssh password command completely.
(Also, it would be great to be able to set some SSH keys as "read-only" in every way (repositories, or anything else the SSH interface provides), but that's probably better handled as a separate issue.)