Closed
Bug 1048030
Opened 10 years ago
Closed 10 years ago
Session Managment
Categories
(bugzilla.mozilla.org :: Administration, task, P3)
Tracking
()
RESOLVED
DUPLICATE
of bug 1045767
People
(Reporter: rschauhan13, Unassigned)
References
()
Details
Attachments
(1 file)
225.32 KB,
image/jpeg
|
Details |
Steps to reproduce : 1) Create a https://bugzilla.mozilla.org account having email address "abc@x.com". 2) Now Logout and ask for password reset link. Don't use the password reset link. 3) Login using the same password back and update your email address to "def@x.com" and verify the same. 4) Now logout and use the password reset link which was mailed to "abc@x.com" in step 2. 5) Password will be changed. All previous password reset links should automatically expire once a user changes his email address. Please let me know if this can be fixed. Best Regards Ranjeet
Reporter | ||
Updated•10 years ago
|
Group: core-security → bugzilla-security
Component: Security → Administration
Priority: -- → P3
Product: Core → bugzilla.mozilla.org
Version: unspecified → Development/Staging
Reporter | ||
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
(In reply to Ranjeet Singh from comment #1) > Created attachment 8466798 [details] > 10579010_649181838511129_368177136_o.jpg What does this have to do with the issue mentioned in comment #0? Also, looks like you just modified the source to add that oninput=... If so, that's not a valid security issue.
Reporter | ||
Comment 3•10 years ago
|
||
No sir its a mistake bug is Steps to reproduce : 1) Create a https://bugzilla.mozilla.org account having email address "abc@x.com". 2) Now Logout and ask for password reset link. Don't use the password reset link. 3) Login using the same password back and update your email address to "def@x.com" and verify the same. 4) Now logout and use the password reset link which was mailed to "abc@x.com" in step 2. 5) Password will be changed. All previous password reset links should automatically expire once a user changes his email address. Please let me know if this can be fixed. Best Regards Ranjeet
Updated•10 years ago
|
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Comment 5•10 years ago
|
||
(In reply to Ranjeet Singh from comment #3) > No sir its a mistake bug is > > Steps to reproduce : > 1) Create a https://bugzilla.mozilla.org account having email address > "abc@x.com". > 2) Now Logout and ask for password reset link. Don't use the password reset > link. > 3) Login using the same password back and update your email address to > "def@x.com" and verify the same. > 4) Now logout and use the password reset link which was mailed to > "abc@x.com" in step 2. > 5) Password will be changed. > > All previous password reset links should automatically expire once a user > changes his email address. > Please let me know if this can be fixed. The wording here is identical to the wording in https://bugzilla.mozilla.org/show_bug.cgi?id=1045767#c0 , except for the sample e-mail address. -- simon
You need to log in
before you can comment on or make changes to this bug.
Description
•