Broken Authentication and Session Management

Disclosed: 2014-08-05 05:37:48 By anandpingsafe To phabricator
Unknown
Vulnerability Details
Hi, hope you are good!

Steps to repro:

1) Create a Phabricator account having the email address "[email protected]".
2) Now log out and ask for a password reset link. Don't use the password reset link sent to your mail address.
3) Log in again using the same password, update your email address to "[email protected]" and verify it. Remove "[email protected]".
4) Now log out and use the password reset link which was mailed to "[email protected]" in step 2.
5) The password will be changed.

All previous password reset links should automatically expire once a user changes his email address. Please fix this.

Best Regards
Anand Prakash
Report Stats
  • Report ID: 17474
  • State: Closed
  • Substate: resolved
  • Upvotes: 19