Legal Robot: Change password session fixed

2017-08-16T16:49:15
ID H1:260751
Type hackerone
Reporter darkag29
Modified 2017-08-24T19:49:46

Description

vulnerability: While changing the password it should show that the password was changed successfully and then it should log out instead it remains on the same webpage.It does not even show that the old password entered is correct or not.when we enter the new password in both the fields incorrect then also it shows no notification.

Steps to reproduce 1.Login to your account 2.Click on the rightmost top corner on account 3.Click on change password 4.Enter the old password 5.Enter the new passwords

Check the attachment as proof