Session not invalid after changing e mail OR password

hassan.jawaid012 at gmail.com
Sat Sep 28 17:59:38 EDT 2019


Hi there,
I found broken session bug on your website. Your website is unable to validate the session. That may lead takeover victims account.

Reproduce:
1. Go to https://developer.pidgin.im/login and log into your account from two different browsers.
2. Now change (PASSWORD OR EMAIL) from any browser you already logged in
3. You will be still logged into another browser.

Kindly fix this issue.
Thx,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.pidgin.im/private/security/attachments/20190929/c90dd605/attachment.html>


More information about the security mailing list