Summary by VIVEK_PANDAY
Summary:
While conducting my researching I discovered that the application Failure to invalidate session after changing the password doesn't destroys the other sessions which are logged in with old passwords.
Steps To Reproduce:
1) Open same accounts in two different browsers
2) Change password in one browser and you will see that another browser still validate the session after password change (even after refresh the page ).