Summary: Authorization Token is Not expiring After Logout
Description: Hello Team,
I have observed that the application assigns an auth token to every user after successful login, and this token is part of every request the user makes to the application. If the user clicks on logout, the auth token still does not expire, which is not a good security practice. An attacker can steal the auth token via a man-in-the-middle attack because HSTS is not implemented.
The auth token should be expired after the user logs out. If an attacker gets access to the auth token, he can use this token after the user logs out of the application to delete/add password list.
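
One way to close the gap reported above, as an added example that is not part of the original report or the affected application's code: the server keeps a record of live tokens, deletes the record on logout, and sends HSTS with the response. The `TokenStore` class, the `auth` cookie name, the 15-minute lifetime and the in-memory dictionary are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class TokenStore:
    """Hypothetical in-memory record of issued auth tokens (assumption: one process)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._live = {}  # sha256(token) -> (user, expires_at); raw tokens are never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, carries no state of its own
        self._live[self._key(token)] = (user, now + self.ttl)
        return token

    def validate(self, token, now=None):
        """Return the user for a live token, or None if revoked, expired or unknown."""
        now = time.time() if now is None else now
        entry = self._live.get(self._key(token))
        if entry is None:
            return None
        user, expires_at = entry
        if now >= expires_at:
            del self._live[self._key(token)]  # absolute expiry even without logout
            return None
        return user

    def logout(self, token):
        """Revoke server-side; clearing the client cookie alone leaves the token usable."""
        return self._live.pop(self._key(token), None) is not None


def logout_response_headers():
    # Expire the cookie in the browser and pin the site to HTTPS so the token
    # is not sent over plaintext HTTP. Cookie name "auth" is an assumption.
    return {
        "Set-Cookie": "auth=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Strict",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }


def replay_after_logout(store):
    """Constructed scenario: a captured token is presented again after logout."""
    token = store.issue("alice")
    before = store.validate(token)
    store.logout(token)
    return before, store.validate(token)
```

A regression test for this finding is the `replay_after_logout` scenario: the same token must be accepted before logout and rejected afterwards.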