This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Password protection for already shared links insecure #4

Open
4miners opened this issue Dec 26, 2020 · 0 comments

4miners commented Dec 26, 2020

Expected behavior

When enabling password protection for a shared link, the user can expect that access to that link (which may have already been shared) would require the password.

Actual behavior

This behavior is not entirely true, as links are shared with a default password (included after a hashtag), so everyone who has the sharing link already has the password too. This can be misleading for users and is a potential vulnerability.

Steps to reproduce

  • Select a file and enable sharing for it; this will generate the link with a password included after a hashtag.
  • Share the link with some people.
  • Enable password protection for that link.
  • People who have the first link (with hashtag) still have access to the file, as the password is the same by default.
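
A small model of the behaviour reported above, added here as an illustration; it is not code from this repository or from the reporter. The share object, the `files.example` URL and every function name are hypothetical, and the data is constructed. It contrasts enabling protection while keeping the link's default password with a variant that rejects any password already distributed inside a link.

```javascript
// Hypothetical share model: a share has an id and a password; by default the
// password is embedded in the link after '#'.
function makeShare(id, defaultPassword) {
  return { id, password: defaultPassword, protectedByUser: false,
           leaked: new Set([defaultPassword]) }; // secrets already sent out in links
}

function linkFor(share, base = 'https://files.example/s/') {
  // Once the owner sets a password, the link must not carry it any more.
  const url = new URL(share.id, base);
  if (!share.protectedByUser) url.hash = share.password;
  return url.toString();
}

// Behaviour reported in the issue: the flag flips, the password stays the same.
function enableProtectionAsReported(share) {
  share.protectedByUser = true;
  return share;
}

// Hardened variant: require a new password that was never part of a link.
function enableProtection(share, newPassword) {
  if (!newPassword || share.leaked.has(newPassword)) {
    throw new Error('password was already distributed inside a shared link');
  }
  share.password = newPassword;
  share.protectedByUser = true;
  return share;
}

// Access check: the secret is typed in, or taken from the link's fragment.
function canOpen(share, presentedLink, typedPassword = '') {
  const url = new URL(presentedLink);
  if (url.pathname.split('/').pop() !== share.id) return false;
  const secret = typedPassword || decodeURIComponent(url.hash.slice(1));
  return secret.length > 0 && secret === share.password;
}

// Constructed sample data: the same steps as in the report, run both ways.
const a = makeShare('abc123', 'Xk2pQ9');
const oldLinkA = linkFor(a);            // shared before protection is enabled
enableProtectionAsReported(a);
const b = makeShare('def456', 'Zt7mW4');
const oldLinkB = linkFor(b);
enableProtection(b, 'owner-chosen-passphrase');
console.log(canOpen(a, oldLinkA), canOpen(b, oldLinkB)); // true false
```
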