Session not invalid after changing e mail OR password
Gary Kramlich
grim at reaperworld.com
Fri Oct 11 20:13:30 EDT 2019
On Sat, Sep 28, 2019 at 4:59 PM <hassan.jawaid012 at gmail.com> wrote:
> Hi there,
>
> I found a broken session bug on your website. Your website is unable to validate the session. That may lead to takeover of the victim's account.
>
> Reproduce:
>
> 1. Go to https://developer.pidgin.im/login and log into your account from two different browsers.
> 2. Now change (PASSWORD OR EMAIL) from any browser you are already logged in to.
> 3. You will still be logged in on another browser.
>
> Kindly fix this issue.
We are in the process of replacing Trac, which will make this issue invalid.
> Thx,
Thanks,
--
Gary Kramlich <grim at reaperworld.com>
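
The behaviour the report expects (every other session dropped once the password or email changes), as an added example that is not part of the original thread and is not Trac's code. The names SessionStore, Account and cred_epoch are hypothetical, the account data is constructed, and password hashing is left out.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    email: str
    password_hash: str          # placeholder value; hashing is out of scope here
    cred_epoch: int = 0         # bumped on every password or email change

@dataclass
class SessionStore:
    accounts: dict = field(default_factory=dict)   # user -> Account
    sessions: dict = field(default_factory=dict)   # token -> (user, epoch at login)

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, self.accounts[user].cred_epoch)
        return token

    def is_valid(self, token: str) -> bool:
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, epoch = entry
        # A session issued under older credentials is rejected and dropped.
        if epoch != self.accounts[user].cred_epoch:
            del self.sessions[token]
            return False
        return True

    def change_credentials(self, token: str, *, email=None, password_hash=None) -> str:
        """Apply the change, revoke every session of the user, return a fresh token."""
        if not self.is_valid(token):
            raise PermissionError("session is not valid")
        user, _ = self.sessions.pop(token)
        acct = self.accounts[user]
        if email is not None:
            acct.email = email
        if password_hash is not None:
            acct.password_hash = password_hash
        acct.cred_epoch += 1    # invalidates every token issued before this point
        return self.login(user)

def replay_report() -> tuple:
    """Replay the three reported steps with two constructed browser sessions."""
    store = SessionStore(accounts={"alice": Account("alice@example.org", "hash-1")})
    browser_a, browser_b = store.login("alice"), store.login("alice")
    new_a = store.change_credentials(browser_a, password_hash="hash-2")
    return store.is_valid(new_a), store.is_valid(browser_a), store.is_valid(browser_b)
```

Only the token reissued to the browser that made the change stays valid; the old token from that browser and the second browser's token are both rejected on their next request.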