failure to invalidate session on password change
Unknown
Vulnerability Details
Steps to reproduce
1. Login as user1 in firefox browser
2. Go to http://localhost/nextcloud/index.php/settings/personal
3. Go to other browser (chrome) and login as user1
4. Change the password in chrome
Observe that the session in firefox still works
Actions
View on HackerOneReport Stats
- Report ID: 145488
- State: Closed
- Substate: informative
- Upvotes: 2