Closed webcompat-bot closed 5 years ago
Thanks for the report, but this is not a Compatibility issue.
For this project we try to focus our effort on layouts, features or content that works as expected in one browser but not in another. Closing the issue as Invalid.
Suggestion: Contact the site owner and point out the issue.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue at https://webcompat.com/issues/new if you are experiencing a similar problem.
URL: https://readms.net/account/recovery/25591/4c988a2735868208f40de7137331b544f2d28040a3581d195e82811c945c3f9f
Browser / Version: Firefox 64.0
Operating System: Windows 7
Tested Another Browser: Yes
Problem type: Something else
Description: Vulnerability Report (2) Failure to invalidate session on Password Reset
Steps to Reproduce:
Hi team,
Hope you are doing fine.
I am Ather Iqbal, Research Executive. I would like to bring to your kind attention that I found this VULNERABILITY in your WEBSITE.
VULNERABILITY (2) : Failure to invalidate session on Password Reset
DETAILS: We observe that when we change the password from the password reset form in one browser, the session in the other browser does not expire; it just updates the password from the other browser, and the old session gets updated without being logged out.
STEPS TO CHECK SESSION MANAGEMENT ISSUE ON PASSWORD RESET:
1- Log in to your account in one browser.
2- Generate a password reset link in a second browser for the same account.
3- Open the password reset link in the second browser and change the password.
4- Your session got updated instead of expiring in the other browser.
RECOMMENDATIONS:
Considering the above vulnerability, we suggest that you kindly revisit your website design with your web development team.
If the session is updated from one browser, the other should expire first, so that the session is renewed after login.
We will be more than happy to hear from you in this regard.
Have a nice day.
Best Regards
From webcompat.com with ❤️