It is important to implement password checks on sensitive features like email change.
1) Go to https://rdiffweb-demo.ikus-soft.com/login/
2) Use the credentials admin / admin123 and log in to your account
3) Navigate to the endpoint https://rdiffweb-demo.ikus-soft.com/prefs/general
4) Change the email and save changes
5) You will notice that there is no password confirmation during this sensitive action
Mitigation: There must be a password confirmation on sensitive actions like email change
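
One way to implement this mitigation, shown as an added example that is not rdiffweb's own code: the email is updated only after the current password is re-verified, so a valid session alone is not enough. The names User, make_user, change_email and ReauthRequired, and the PBKDF2 parameters, are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 600_000  # illustrative work factor (assumption)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:  # hypothetical user record, not rdiffweb's model
    username: str
    email: str
    salt: bytes
    password_hash: bytes


class ReauthRequired(Exception):
    """Raised when the current password is missing or does not match."""


def make_user(username: str, email: str, password: str) -> User:
    salt = os.urandom(16)
    return User(username, email, salt, hash_password(password, salt))


def change_email(user: User, new_email: str, current_password: str) -> None:
    """Change the email only after confirming the current password."""
    # An empty or absent confirmation field is rejected outright.
    if not current_password:
        raise ReauthRequired("current password is required")
    candidate = hash_password(current_password, user.salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, user.password_hash):
        raise ReauthRequired("current password is incorrect")
    if "@" not in new_email or new_email != new_email.strip():
        raise ValueError("invalid email address")
    # The state change happens only after every check has passed.
    user.email = new_email


if __name__ == "__main__":
    u = make_user("alice", "old@example.test", "correct horse")  # constructed data
    try:
        change_email(u, "new@example.test", "guess")
    except ReauthRequired as exc:
        print("rejected:", exc)
    change_email(u, "new@example.test", "correct horse")
    print("email is now", u.email)
```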