Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
The implementation is working as expected. Password reset links are valid for 1 day.
Password Reset Link not expiring after changing the email Leads To Account Takeover
Disclosed by lucifer7704- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date over 1 year ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by lucifer7704
Token not invalidated after change of email