Reset authinfo pw on registrant change #2892
Description
Transfer/auth code is generally used for authorizing registrar transfer (https://datatracker.ietf.org/doc/html/rfc5731#section-3.2.4). But it could also be used to signal registrant consent for registrant change (https://datatracker.ietf.org/doc/html/rfc5731#section-3.2.5).
Currently the code is reset only on registrar transfer, creating a security risk if used for any other purpose.
Todo: Reset authInfo pw on registrant transfer in addition to registrar transfer