i reported a vulnerability on bug crowd from my account : . its about a more then month its status changed to triaged but still no update form your side. And no reward for my finding . Can you please check the status. It was sumitted on 2017-01-19. this was the issue basically.
Hi i found a vulnerability in your site and i observe that when we request a password reset link for the account and now login to the same account. In place of session expire after the login but the password reset link opens up and the password will be changed.
Bug Type : Session Management issue
Reproducing Steps : 1- Get Password Reset link for 2- Don't use the password reset link yet. 3- Now Login to the 4- Now Use the password reset which we generated it opens up. 5- And The Password Changed Successfully. Note : Password Reset Link should Expire when you login on the 3rd Step Thanks Regards Husnain Iqbal
... View more