Closed Bug 1048030 Opened 10 years ago Closed 10 years ago

Session Management

Categories

(bugzilla.mozilla.org :: Administration, task, P3)

Development
x86_64
Windows 8

RESOLVED DUPLICATE of bug 1045767

People

(Reporter: rschauhan13, Unassigned)

Attachments

(1 file)

Steps to reproduce:
1) Create a https://bugzilla.mozilla.org account having email address "abc@x.com".
2) Now log out and ask for password reset link. Don't use the password reset link.
3) Log in using the same password back and update your email address to "def@x.com" and verify the same.
4) Now log out and use the password reset link which was mailed to "abc@x.com" in step 2.
5) Password will be changed.

All previous password reset links should automatically expire once a user changes his email address.
Please let me know if this can be fixed.

Best Regards
Ranjeet

Group: core-security → bugzilla-security
Component: Security → Administration
Priority: -- → P3
Product: Core → bugzilla.mozilla.org
Version: unspecified → Development/Staging

(In reply to Ranjeet Singh from comment #1)
> Created attachment 8466798 [details]
> 10579010_649181838511129_368177136_o.jpg

What does this have to do with the issue mentioned in comment #0?

Also, looks like you just modified the source to add that oninput=... If so, that's not a valid security issue.

No sir, it's a mistake. The bug is:

Steps to reproduce:
1) Create a https://bugzilla.mozilla.org account having email address "abc@x.com".
2) Now log out and ask for password reset link. Don't use the password reset link.
3) Log in using the same password back and update your email address to "def@x.com" and verify the same.
4) Now log out and use the password reset link which was mailed to "abc@x.com" in step 2.
5) Password will be changed.

All previous password reset links should automatically expire once a user changes his email address.
Please let me know if this can be fixed.

Best Regards
Ranjeet

Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE

(In reply to Ranjeet Singh from comment #3)
> No sir, it's a mistake. The bug is:
> 
> Steps to reproduce:
> 1) Create a https://bugzilla.mozilla.org account having email address
> "abc@x.com".
> 2) Now log out and ask for password reset link. Don't use the password reset
> link.
> 3) Log in using the same password back and update your email address to
> "def@x.com" and verify the same.
> 4) Now log out and use the password reset link which was mailed to
> "abc@x.com" in step 2.
> 5) Password will be changed.
> 
> All previous password reset links should automatically expire once a user
> changes his email address.
> Please let me know if this can be fixed.

The wording here is identical to the wording in https://bugzilla.mozilla.org/show_bug.cgi?id=1045767#c0 , except for the sample e-mail address.

  -- simon
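
The behaviour the report asks for, as an added example that is not part of the original thread and is not Bugzilla's code: outstanding reset tokens are revoked when the email address changes, and each token is also bound to the address it was mailed to. The `Accounts` class, its method names, the in-memory storage and the `RESET_TTL` value are hypothetical.

```python
import hashlib
import secrets
import time

RESET_TTL = 3 * 24 * 3600  # assumed token lifetime in seconds


def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """In-memory account store (hypothetical; not Bugzilla's schema)."""

    def __init__(self):
        self.users = {}   # user_id -> {"email", "salt", "pw"}
        self.tokens = {}  # sha256(token) -> (user_id, email at issue, expiry)

    def set_password(self, user_id, password):
        salt = secrets.token_bytes(16)
        self.users[user_id].update(salt=salt, pw=pw_hash(password, salt))

    def create(self, user_id, email, password):
        self.users[user_id] = {"email": email}
        self.set_password(user_id, password)

    def request_reset(self, user_id, now=None):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # store only a hash
        expiry = (time.time() if now is None else now) + RESET_TTL
        self.tokens[digest] = (user_id, self.users[user_id]["email"], expiry)
        return token  # would be mailed to the address currently on file

    def change_email(self, user_id, new_email):
        self.users[user_id]["email"] = new_email
        # Revoke every outstanding reset link mailed to the old address.
        self.tokens = {d: t for d, t in self.tokens.items() if t[0] != user_id}

    def redeem_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # single use
        if entry is None:
            return False
        user_id, issued_to, expiry = entry
        # Second check, in case some code path changes the email without revoking.
        if now > expiry or issued_to != self.users[user_id]["email"]:
            return False
        self.set_password(user_id, new_password)
        return True
```
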