No response on session management (Bugcrowd)



I reported a vulnerability on Bugcrowd from my account : . It has been more than a month; its status changed to triaged, but there is still no update from your side, and no reward for my finding. Can you please check the status? It was submitted on 2017-01-19. This was the issue, basically.

Hi, I found a vulnerability in your site. I observed that when we request a password reset link for the account and then log in to the same account, instead of expiring after the login, the password reset link still opens up and the password will be changed.

  • Bug Type : Session Management issue

  • Reproducing Steps :
    1- Get the password reset link for 
    2- Don't use the password reset link yet.
    3- Now log in to the 
    4- Now use the password reset link which we generated; it opens up.
    5- And the password is changed successfully.

    Note :
    The password reset link should expire when you log in at the 3rd step.

Husnain Iqbal



Contact me on this email : 


Hi @HusnainI4. Thanks for reaching out to us. I see what you mean by the password reset link still being active after you log into the account. The password reset link that you receive does stay active for 24 hours after it has been sent so that is why you were still able to access it. I apologize for any confusion or concern this may have caused you. I will note this feedback in your account and send it over to the appropriate team. 

Caitlin M.
Community Manager
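The behaviour discussed in this thread, as an added example that is not part of either post and is not Constant Contact's code: a reset-token store that keeps the 24-hour lifetime from the reply but also revokes pending links on a successful login, as the report requests. The class name, method names and in-memory storage are assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 24 * 60 * 60  # the 24-hour lifetime mentioned in the reply


class ResetTokenStore:
    """Hypothetical in-memory store; only SHA-256 digests of tokens are kept."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}  # digest -> (account, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account):
        # A new request supersedes any older link for the same account.
        self.revoke_all(account)
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + RESET_TTL_SECONDS
        self._tokens[self._digest(token)] = (account, expires_at)
        return token

    def revoke_all(self, account):
        stale = [d for d, (acct, _) in self._tokens.items() if acct == account]
        for d in stale:
            del self._tokens[d]
        return len(stale)

    def on_successful_login(self, account):
        # The behaviour asked for in the report: a completed login
        # invalidates every reset link still pending for that account.
        return self.revoke_all(account)

    def redeem(self, token):
        # Single use: the entry is removed whether or not it is still valid.
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None
        account, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return account
```

The same `revoke_all` call belongs in the password-change path, so that a link requested before a change cannot be used after it.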