Broken Authentication

Hello there

I found a critical bug on your website. It should be dangerous for your user.

Here are the steps.

Steps to reproduce the bug:
Step 1: Go to (Web Browser A) and log in with your credentials at (Accointing - Cryptocurrency Portfolio Tracking & Tax Software).

Step 2: Similarly, go to your (App Browser B) and log in with the same credentials at (Accointing - Cryptocurrency Portfolio Tracking & Tax Software).

Step 3: Suppose your (App Browser B) is a shared phone, and you left your account logged in at that computer. Go to (Web Browser A) and change your account password.

Step 4: When you change your account password at (Web Browser A), the session at your (App Browser B) should expire and the account should automatically be logged out.

Step 5: Go to your (App Browser B), visit your account page and refresh the page.

You will notice that even after changing the account password at (Web Browser A), the session at your (App Browser B) didn’t expire, which can cause major problems. And also after that I can change any user information.

Impact
Authentication and session management includes all aspects of handling user authentication and managing active sessions. Authentication is a critical aspect of this process, but even solid authentication mechanisms can be undermined by flawed credential management functions, including password change, forgetting my password, remembering my password, account update, and other related functions. Because “walk by” attacks are likely for many web applications, all account management functions should require re-authentication even if the user has a valid session ID.

Thanks
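The behaviour Step 4 expects, together with the re-authentication the Impact paragraph asks for, can be sketched as follows. This is an added example, not part of the original report and not Accointing's code; `SessionStore` and its methods are hypothetical, and an in-memory dict stands in for a server-side session table.

```python
import hashlib, hmac, secrets

class SessionStore:  # hypothetical in-memory stand-in for a server-side session table
    def __init__(self):
        self.users = {}     # username -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}  # session id -> (username, epoch at issue time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "pw_hash": self._hash(password, salt), "epoch": 0}

    def _check_password(self, username, password):
        user = self.users.get(username)
        return user is not None and hmac.compare_digest(user["pw_hash"], self._hash(password, user["salt"]))

    def login(self, username, password):
        if not self._check_password(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, self.users[username]["epoch"])
        return sid

    def validate(self, sid):
        """Return the username for a live session, or None if it was revoked."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        username, epoch = entry
        if epoch != self.users[username]["epoch"]:
            del self.sessions[sid]   # issued before the last password change
            return None
        return username

    def change_password(self, sid, current_password, new_password):
        """Re-authenticate, rotate the password, and expire every other session."""
        username = self.validate(sid)
        if username is None or not self._check_password(username, current_password):
            return None
        user = self.users[username]
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = self._hash(new_password, user["salt"])
        user["epoch"] += 1           # invalidates all sessions issued earlier
        del self.sessions[sid]
        return self.login(username, new_password)  # fresh session for this browser only
```

Because every request goes through `validate`, the session left open in Browser B fails on its next page load instead of surviving the password change.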




Thanks for bringing that to our attention. I have created a bug for it and will keep you posted once this is fixed. I appreciate your time and patience.

Do you know who could fix it? You can earn $5,000 by referring someone here: ACCOINTING.com Referral Program: Earn $5.000! - We Are Hiring - Accointing.com