Session not invalid after changing e mail OR password
grim at reaperworld.com
Fri Oct 11 20:13:30 EDT 2019
On Sat, Sep 28, 2019 at 4:59 PM <hassan.jawaid012 at gmail.com> wrote:
> Hi there,
> I found a broken session bug on your website. Your website is unable to validate the session. That may lead to takeover of a victim's account.
> 1. Go to https://developer.pidgin.im/login and log into your account from two different browsers.
> 2. Now change (PASSWORD OR EMAIL) from any browser you are already logged in to.
> 3. You will still be logged into another browser.
> Kindly fix this issue.
We are in the process of replacing Trac, which will make this issue invalid.
Gary Kramlich <grim at reaperworld.com>
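
An added example, not part of the thread and not Trac's code: one way a session store can make step 3 of the report fail, by binding each session to a per-user credential epoch that is bumped on every password or e-mail change. `SessionStore`, its methods and the user `alice` are hypothetical.

```python
import secrets


class SessionStore:
    """In-memory session store that ties each session to a credential epoch."""

    def __init__(self):
        self._epoch = {}     # user -> counter bumped on every credential change
        self._sessions = {}  # token -> (user, epoch at login)

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._epoch.setdefault(user, 0))
        return token

    def is_valid(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return False
        user, epoch = entry
        if epoch != self._epoch.get(user):
            # Stale session: credentials changed after this login.
            del self._sessions[token]
            return False
        return True

    def change_credentials(self, user, current_token):
        """Call after a password or e-mail change has been committed.

        Bumps the epoch so every existing session for the user fails
        validation, then issues a fresh token to the browser that made
        the change so it stays logged in.
        """
        if not self.is_valid(current_token) or self._sessions[current_token][0] != user:
            raise PermissionError("credential change requires a valid session")
        self._epoch[user] += 1
        del self._sessions[current_token]
        return self.login(user)


def replay_report():
    """Steps 1-3 of the report, replayed with a constructed user."""
    store = SessionStore()
    browser_a = store.login("alice")
    browser_b = store.login("alice")
    browser_a = store.change_credentials("alice", browser_a)
    return store.is_valid(browser_a), store.is_valid(browser_b)
```

`replay_report()` returns `(True, False)`: the browser that made the change keeps a fresh session, and the other browser's session is rejected on its next request.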