Password reset link doesn't expire.

Disclosed: 2014-06-05 10:34:03 By shahriar To factlink

Unknown

Vulnerability Details

The password reset link sent by Factlink doesn't expire even after a long period of time. As Factlink account can be created 'without confirming' email id, so, this should be patched for the best practice.

Actions

View on HackerOne

Report Stats

Report ID: 14461
State: Closed
Substate: resolved
Upvotes: 1

Password reset link doesn't expire.

Vulnerability Details

Actions

Report Stats

Share this report