Users able to alter own "Failed Login" value in User/Profile

[stewrg]

Users can change the value of Number of failed Login Attempts in their own profile. Not sure this is intentional. It makes it possible to enter a high number - which in turn logs them out of the system. Curious minds create mischief!

Can this be made a 'read only' box?

[massar]

That is correct it seems as we have: pfset:"self,group_admin" pfget:"group_admin"

Indeed, we should only allow 'reset to 0' there.