re:
https://forums.oscommerce.com/topic/496 ... erability/
This option only works if the user changes the password after logging in.
If the user changes the password using the forgotten password option, then all other sessions in different browsers still stay logged in.
This was checked using CE Frozen.
Has this hook been added to Phoenix yet? I couldn't find it.
reset password vulnerability
- Lead Developer
Re: reset password vulnerability
The reason why that is a hook is so you can add it if you want that behavior.
I do not think that is a desirable behavior in general, so I have no intent to add this to core.