Twitter Discloses It Wasn't Logging Users Out of Accounts After Password Resets
News category: IT Security News
Source: tech.slashdot.org
Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. From a report:

This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.
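The defensive lesson in the report is that a password reset must invalidate every existing session, whatever client issued it. The following Python model is an added example (not Twitter's code, and its names are illustrative): it contrasts a revoke that only covers web clients, like the failure described above, with a password-generation check that rejects any pre-reset session on every request, plus an audit helper that lists sessions a revoke missed.

```python
"""Session invalidation on password reset: a per-client revoke that misses
mobile sessions beside a generation check that covers every client type."""
from dataclasses import dataclass, field
import secrets


@dataclass
class Session:
    token: str
    client: str          # "web", "android" or "ios" (constructed labels)
    password_gen: int    # password generation the session was issued under


@dataclass
class Account:
    password_gen: int = 0
    sessions: dict = field(default_factory=dict)   # token -> Session


def login(acct: Account, client: str) -> str:
    """Issue a session token bound to the current password generation."""
    tok = secrets.token_hex(16)
    acct.sessions[tok] = Session(tok, client, acct.password_gen)
    return tok


def reset_password_buggy(acct: Account) -> None:
    """Illustrates the failure mode: only web sessions are removed, so
    Android and iOS sessions remain in the store after the reset."""
    acct.password_gen += 1
    for tok in [t for t, s in acct.sessions.items() if s.client == "web"]:
        del acct.sessions[tok]


def reset_password_fixed(acct: Account) -> None:
    """Bump the generation and drop every session, regardless of client."""
    acct.password_gen += 1
    acct.sessions.clear()


def is_valid(acct: Account, tok: str) -> bool:
    """Defence in depth: even when a revoke list misses a client type, a
    session issued under an older password generation is rejected."""
    s = acct.sessions.get(tok)
    return s is not None and s.password_gen == acct.password_gen


def audit_stale_sessions(acct: Account) -> list:
    """Detection check: clients still holding sessions from a past generation."""
    return sorted(s.client for s in acct.sessions.values()
                  if s.password_gen != acct.password_gen)
```

The generation check means the stored-but-stale mobile sessions are useless to whoever holds the device, and the audit lists exactly which client types the revoke path failed to cover.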