Broken Authentication and Session Management
Unknown
Vulnerability Details
Hi,
Hope you are good!
Steps to Reproduce:
1) Create a Secret account with the email address "[email protected]".
2) Now log out and ask for a password reset link. Don't use the password reset link.
3) Log back in using the same password, update your email address to "[email protected]", and verify it.
4) Now log out and use the password reset link that was mailed to "[email protected]" in step 2.
5) The password will be changed.
All previous password reset links should automatically expire once a user changes his email address.
Please let me know if this can be fixed.
Best Regards,
Vinoth Kumar J
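As an added example (not part of the report or the vendor's code), a minimal Python reset-token store that implements the fix the reporter asks for: every token records the address it was mailed to and the account's credential version at issue time, and changing the email bumps that version, so links issued before the change are rejected. The user ids, addresses, TTL and `replay_report` helper are constructed for the demo.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class User:
    user_id: int
    email: str
    credential_version: int = 0  # bumped on email change and on a completed reset

class PasswordResetService:
    TTL_SECONDS = 3600

    def __init__(self) -> None:
        self.users: dict[int, User] = {}
        # sha256(raw token) -> (user_id, version issued under, address mailed to, expiry)
        self._tokens: dict[str, tuple[int, int, str, float]] = {}

    def request_reset(self, user: User, now: float) -> str:
        raw = secrets.token_urlsafe(32)  # the value that goes into the mailed link
        key = hashlib.sha256(raw.encode()).hexdigest()
        self._tokens[key] = (user.user_id, user.credential_version, user.email, now + self.TTL_SECONDS)
        return raw

    def change_email(self, user: User, new_email: str) -> None:
        user.email = new_email
        user.credential_version += 1  # voids every link issued under the old address

    def redeem(self, raw: str, now: float) -> bool:
        """True if the link may reset the password (single use); the caller then sets it."""
        tok = self._tokens.pop(hashlib.sha256(raw.encode()).hexdigest(), None)
        if tok is None:
            return False
        user_id, version, issued_to, expires_at = tok
        user = self.users[user_id]
        # Fix for the report: unexpired, issued under the current version, to the current address.
        if now > expires_at or version != user.credential_version or issued_to != user.email:
            return False
        user.credential_version += 1  # a completed reset also voids other outstanding links
        return True

def replay_report(change_email_first: bool) -> bool:
    """Steps 2-4 of the report; returns whether the earlier link still works."""
    svc = PasswordResetService()
    user = User(1, "old-address@example.test")  # constructed sample account
    svc.users[user.user_id] = user
    link = svc.request_reset(user, now=1000.0)  # step 2: link mailed to the old address
    if change_email_first:
        svc.change_email(user, "new-address@example.test")  # step 3
    return svc.redeem(link, now=1010.0)  # step 4
```

With the email change in between, the old link is refused; without it, the same link resets the password once and then no longer exists.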
Report Stats
- Report ID: 23579
- State: Closed
- Substate: resolved
- Upvotes: 6