Loading...

XML

Word

Printable

Type: Defect
Resolution: Done
Priority: Standard
Fix Version/s: 2.0.95
Affects Version/s: None
Component/s: Security
Labels:
None

Sprint:
Sprint 146

All valid forgot password tokens should be invalidated (or expired) after a successful password reset occurs for a user.

This ticket was inspired by this article:
https://paragonie.com/blog/2016/09/untangling-forget-me-knot-secure-account-recovery-made-simple

is related to

GTWY-4748 Forgot Password Tokens Stored in Plain Text

Done

Assignee:: Nathan Hook
Reporter:: Nathan Hook
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 06/Sep/17 12:03 PM
Updated:: 07/Sep/17 4:05 PM
Resolved:: 07/Sep/17 11:22 AM