Phabricator: Forgot Password Issue

2014-08-09T20:02:01
ID H1:23363
Type hackerone
Reporter xtross1
Modified 2014-09-10T19:16:02

Description

Hi,

The application authenticates user before the password is changed by the user.

POC: 1. User attempts password reset 2. User gets verification link 3. User access link and gets authenticated automatically before performing any password change