HackerOne: No option to logout concurrent sessions

2014-07-15T16:03:54
ID H1:20122
Type hackerone
Reporter ashesh
Modified 2014-07-17T22:27:20

Description

Description When I login to Hackerone using two different computers I can easily browse the session concurrently . This means that if an attacker somehow knows password of user by any means he can login using that info and the main user will not get notified.

FIX If someone else login to a account, the main user should get a notification or there should a section to see all active sessions and to terminate them.