Stripo Inc: OLD SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
News category: Vulnerabilities
Source: vulners.com
Description: After a password change, neither the session used to change the password nor old sessions in any other browser or device expire; they all remain active.

STEPS TO REPRODUCE:
1. Log in on Browser A, making sure to check the 'stay logged in to this device' checkbox while logging in.
2. From Browser B, log in to your account and change the password.
3. Notice that the session on Browser A remains active and does not expire.

POC: Video attached

IMPACT: Due to this bug, there is no way for the victim to revoke the attacker's access if the account has been already... ...
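The behaviour in the steps above next to the usual fix, as an added example that is not code from the report or from Stripo. SessionStore, its method names and the revoke_sessions flag are hypothetical; the store is an in-memory stand-in for a server-side session table.

```python
import hashlib
import hmac
import os
import secrets


class SessionStore:
    """Hypothetical in-memory stand-in for a server-side session table."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # session token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user  # covers 'stay logged in' sessions too
        return token

    def is_active(self, token):
        return token in self._sessions

    def change_password(self, token, new_password, revoke_sessions=True):
        user = self._sessions[token]  # KeyError if the caller has no session
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(new_password, salt))
        if not revoke_sessions:
            # Behaviour described in the report: every session stays valid.
            return token
        # Fix: drop every session of this user, on all browsers and devices,
        # then issue a fresh token to the caller only.
        for stale in [t for t, u in self._sessions.items() if u == user]:
            del self._sessions[stale]
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = user
        return fresh
```

With revoke_sessions=True the Browser A token from step 1 stops validating as soon as step 2 completes, and the Browser B token is rotated as well.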