You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary: Lack of security in change password leads to full account takeover when the session of the victim is hijacked and is logged in for the attaker
Steps to reproduce: Go to change password, and enter any random text and click change password, it will be changed without verification.
Impact: This vulnerability allows an attacker to takeover the full account after hijacking the session of victim