No option to logout concurrent sessions
Unknown
Vulnerability Details
**Description**
When I login to Hackerone using two different computers I can easily browse the session concurrently . This means that if an attacker somehow knows password of user by any means he can login using that info and the main user will not get notified.
**FIX**
If someone else login to a account, the main user should get a notification or there should a section to see all active sessions and to terminate them.
Actions
View on HackerOneReport Stats
- Report ID: 20122
- State: Closed
- Substate: informative
- Upvotes: 5