Contact me for POC video.
When someone forgets his/her password, each and every active session that belongs to that particular account must be destroyed!
I would recommend you to follow Facebook on this security issue. They fixed this issue a few months back by adding a process that asks users whether they want to close all open sessions or not, right after changing the password.
So there are two ways: either you let users choose if they want to keep active sessions, or just destroy every active session when users change their password!
In this case 4 issues will happen:
Issue 1: Forced Browsing
Issue 2: Parameter Modification
Issue 3: Session Identifier Prediction
Issue 4: SQL Injection within Login Forms
Please think about this. This is very harmful for your site.
I look forward to hearing from you!
Thanks and Best Wishes.
The attacker will still be logged in to your account even after changing the password, because his session is still active. He'll have complete access to your account till that session expires! Also, the attacker can do anything on your account.

In summary, authentication bypass is an important area to focus on during a penetration test. Bypasses can come in many forms and often arise due to poor implementations such as placing trust in client-side data, utilizing weak tokens, or being careless with database queries and not using prepared statements.
Please contact me on my personal mail: email@example.com
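The fix the report asks for (revoke every session when a password is changed or reset, optionally keeping the session that made the change, as the Facebook prompt described above does) can be built around a per-user session generation counter. The following is an added illustration written for this thread; it is not OpenCart code, and the class, method and field names (AuthStore, session_generation, keep_current, and so on) are assumptions chosen for the example. Sessions are stamped with the user's generation at login; bumping the counter on password change makes every older session fail validation, which is exactly what leaves the "still logged in" attacker session dead.

```python
"""Session invalidation on password change (added example, not OpenCart code)."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass


@dataclass
class User:
    username: str
    pw_hash: bytes
    salt: bytes
    session_generation: int = 0   # bumped on every password change/reset


@dataclass
class Session:
    sid: str
    username: str
    generation: int               # user's generation at login time
    created: float


class AuthStore:
    """In-memory user + session store (constructed for the example)."""

    def __init__(self):
        self.users = {}
        self.sessions = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _check(self, user, password):
        return hmac.compare_digest(user.pw_hash, self._hash(password, user.salt))

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = User(username, self._hash(password, salt), salt)

    def login(self, username, password):
        user = self.users.get(username)
        if user is None or not self._check(user, password):
            return None
        sid = secrets.token_urlsafe(32)   # CSPRNG id: not predictable from other ids
        self.sessions[sid] = Session(sid, username, user.session_generation, time.time())
        return sid

    def validate(self, sid):
        """Return the User for a live session, or None if missing or stale."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        user = self.users[s.username]
        if s.generation != user.session_generation:
            del self.sessions[sid]        # password changed since login: revoke
            return None
        return user

    def _set_password(self, user, new_password):
        user.salt = os.urandom(16)
        user.pw_hash = self._hash(new_password, user.salt)
        user.session_generation += 1      # invalidates every existing session
        for sid in [k for k, s in self.sessions.items() if s.username == user.username]:
            del self.sessions[sid]

    def change_password(self, sid, old_password, new_password, keep_current=True):
        """Authenticated change. keep_current=True mirrors the 'keep this session' choice."""
        user = self.validate(sid)
        if user is None or not self._check(user, old_password):
            return False
        current = self.sessions[sid]
        self._set_password(user, new_password)
        if keep_current:
            current.generation = user.session_generation
            self.sessions[sid] = current
        return True

    def reset_password(self, username, new_password):
        """Forgot-password flow: no session to keep, everything is revoked."""
        user = self.users.get(username)
        if user is None:
            return False
        self._set_password(user, new_password)
        return True

    def active_sessions(self, username):
        return sorted(s.sid for s in self.sessions.values() if s.username == username)
```

In a real deployment the generation counter lives in the users table and the session record (or a signed cookie) carries the value it was issued with, so the check costs one column comparison per request; the same mechanism also serves "log out everywhere" and account-lockout flows.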
What Main Domain are you talking about? "i am a bug hunter, i wanna report a bug on your main domain...."
And why on Earth should someone contact an anonymous GMail Address holder, to then talk about possible security Issues?
I'm rarely active at the OC Forum lately. To reach me, contact: firstname.lastname@example.org
A demo version of my free OpenCart LIGHT v.220.127.116.11 Software Edition
can be seen in real action here: http://www.jti.li/shop/
1'300+ FREE OC Extension-Repositories - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM