RelateIQ: Old Sessions remain valid after the password change.

2014-04-28T20:40:51
ID H1:10186
Type hackerone
Reporter siddiki
Modified 2014-06-11T08:54:02

Description

Industry Standard Procedure

When the password is changed or the email address has been updated for any particular account, all the sessions which were active with the old password/email should be destroyed.

Reason

If somebody has hacked into your account and you realize that someone has trespassed into it, what will you do? You will change your password to secure your account. But in RelateIQ, changing the password does not destroy the other sessions which were logged in with the old password. So your account remains insecure even after the password change.
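One way to implement the behaviour described above, as an added example that is not RelateIQ's code and not part of the original report: each session records the account's credential version at login, and a password change bumps that version so every older session fails validation. The `Accounts` class, its method names and the in-memory stores are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

class Accounts:
    """Hypothetical in-memory account/session store (illustration only)."""
    def __init__(self):
        self.users = {}     # name -> {"salt", "pw_hash", "cred_version"}
        self.sessions = {}  # token -> (name, cred_version when issued)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw_hash": self._hash(password, salt),
                            "cred_version": 1}

    def login(self, name, password):
        u = self.users.get(name)
        if u is None or not hmac.compare_digest(u["pw_hash"],
                                                self._hash(password, u["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, u["cred_version"])
        return token

    def validate(self, token):
        """Return the user name, or None if the session predates a credential change."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        name, version = entry
        if version != self.users[name]["cred_version"]:
            del self.sessions[token]   # stale session: destroy it on first use
            return None
        return name

    def change_password(self, token, new_password):
        """Change the password, invalidate every existing session, return a fresh token."""
        name = self.validate(token)
        if name is None:
            return None
        u = self.users[name]
        u["salt"] = os.urandom(16)
        u["pw_hash"] = self._hash(new_password, u["salt"])
        u["cred_version"] += 1         # all previously issued sessions are now stale
        del self.sessions[token]       # rotate the caller's own session as well
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = (name, u["cred_version"])
        return fresh
```

The same version bump can be applied when the account's email address is updated, which the report lists alongside password changes.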