reset password vulnerability

Mikepo
Posts: 15
Joined: Mon Oct 26, 2020 12:58 pm
Has thanked: 5 times
Been thanked: 1 time

reset password vulnerability

Post by Mikepo »

re:
https://forums.oscommerce.com/topic/496 ... erability/

This option only works if the user changes the password after logging in.

If the user changes the password using the forgotten password option, then all other sessions in different browsers still stay logged in.

This was checked using CE Frozen.
Has this hook been added to Phoenix yet? I couldn't find it.

ecartz
Lead Developer
Posts: 2637
Joined: Tue Nov 05, 2019 6:02 pm
Has thanked: 4 times
Been thanked: 181 times

Re: reset password vulnerability

Post by ecartz »

The reason why that is a hook is so you can add it if you want that behavior.

I do not think that is a desirable behavior in general, so I have no intent to add this to core.
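An added example, not part of the thread and not osCommerce or Phoenix code: one way a store could make both password paths discussed above (the account page and the forgotten-password reset) end other browser sessions, by stamping each session with a per-customer credential epoch. All names here (`customers`, `sessions`, `set_password`, `reset_via_forgotten_password`, and so on) are hypothetical, and the in-memory dictionaries are constructed stand-ins for the database and session store.

```python
import hashlib, hmac, os, secrets

# Constructed in-memory stand-ins for the customers table and session store.
customers = {}   # customer_id -> {"salt", "hash", "epoch"}
sessions = {}    # session_id  -> {"customer_id", "epoch"}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(customer_id, new_password):
    """Single choke point for every password write. Bumping the epoch here
    covers the account page and the forgotten-password flow alike."""
    rec = customers.setdefault(customer_id, {"epoch": -1})
    rec["salt"] = os.urandom(16)
    rec["hash"] = _hash(new_password, rec["salt"])
    rec["epoch"] += 1

def login(customer_id, password):
    rec = customers[customer_id]
    if not hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]):
        return None
    sid = secrets.token_hex(16)
    sessions[sid] = {"customer_id": customer_id, "epoch": rec["epoch"]}
    return sid

def session_is_valid(sid):
    """Run on every request: a session stamped with an older epoch is dropped."""
    sess = sessions.get(sid)
    if sess is None:
        return False
    if sess["epoch"] != customers[sess["customer_id"]]["epoch"]:
        del sessions[sid]
        return False
    return True

def change_password_logged_in(sid, new_password):
    """Account-page change: only the session that made the change survives."""
    if not session_is_valid(sid):
        raise PermissionError("not logged in")
    cid = sessions[sid]["customer_id"]
    set_password(cid, new_password)
    sessions[sid]["epoch"] = customers[cid]["epoch"]

def reset_via_forgotten_password(customer_id, new_password):
    """Reset-link flow (token verification omitted here): no session survives."""
    set_password(customer_id, new_password)
```

Because the epoch is bumped inside the one function that writes the password, a reset path cannot skip the invalidation the way a hook attached only to the account page can.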