VULNERABILITY- PASSWORD RESET IS NOT PROPERLY ENFORCED
Luke Schierer
lschiere at pidgin.im
Mon Sep 28 08:43:06 EDT 2015
Pidgin cannot enforce this, it is up to each individual service.
On Fri, Sep 25, 2015 at 07:12:41AM -0700, Russel Laurio wrote:
> Hello Pidgin, i notice that if i request a new password and if the password
> has been sent unto me, it is not properly reset or changed. I can still
> login with my old password and the new password won't login.
>
> Error
>
> Invalid username or password
>
>
> was displayed.
>
>
> Kindly take a look sir.
>
>
> God Bless,
>
> Regards,
>
> Russel
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
More information about the security
mailing list