From 31827905ec21a40fb5774cb3162030e87fca7e88 Mon Sep 17 00:00:00 2001
From: mokaddem
Date: Fri, 6 Mar 2020 15:41:38 +0100
Subject: [PATCH] fix: [settings] `require_password_confirmation` set to true by default
---
 app/Model/Server.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Model/Server.php b/app/Model/Server.php
index fb8ceb854..ef5cee823 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -1262,7 +1262,7 @@ class Server extends AppModel
 'require_password_confirmation' => array(
 'level' => 1,
 'description' => __('Enabling this setting will require users to submit their current password on any edits to their profile (including a triggered password change). For administrators, the confirmation will be required when changing the profile of any user. Could potentially mitigate an attacker trying to change a compromised user\'s password in order to establish persistance, however, enabling this feature will be highly annoying to users.'),
- 'value' => false,
+ 'value' => true,
 'errorMessage' => '',
 'test' => 'testBool',
 'type' => 'boolean',
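Review bot: The new `'value' => true,` default only protects an instance if the code that enforces the password prompt falls back to this settings array when the key is missing from the local config. That lookup is not visible in this hunk, so it should be confirmed that installs which never set `require_password_confirmation` actually start asking for the current password, rather than only showing `true` in the settings UI while the check stays off. The unchanged description still ends with `enabling this feature will be highly annoying to users`, which now reads as advice to switch off a secure default. I would reword the tail to something like `Enabled by default; disabling it removes a check that hinders an attacker from changing a compromised user's password.` The settings array and the enclosing `Server` class both start and end outside the hunk.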