Nextcloud: failure to invalidate session on password change

ID H1:145488
Type hackerone
Reporter pradeepch99
Modified 2017-04-20T15:09:39


Steps to reproduce 1. Login as user1 in firefox browser 2. Go to http://localhost/nextcloud/index.php/settings/personal 3. Go to other browser (chrome) and login as user1 4. Change the password in chrome

Observe that the session in firefox still works