Snorby / snorby

Ruby On Rails Application For Network Security Monitoring

Password Reset Link is Resetting Wrong User's Password #406

Open legendaryjerry opened 8 years ago

legendaryjerry commented 8 years ago

Version: Snorby 2.6.2

I confirmed his issue on two separate Snorby instances.

How to reproduce:

  1. User submits a password reset request
  2. An email is sent to the user to reset their password
  3. The user clicks the link to reset their password.
  4. The user is automatically logged in as a different admin user
  5. The user can then log out and log back in as the wrong user.