Password reset link not expired in answerdev/answer


Reported on

Mar 21st 2023

Hi team, I hope you are well today.

This is the step: Reset your password with this link

I have recognized that links can be used many times.


Active account has the same vulnerability.

Ok, thanks.

Here is the same report:


account takeover

We are processing your report and will contact the answerdev/answer team within 24 hours. 2 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 2 months ago
2 months ago


Anyone here? :')

answerdev/answer maintainer validated this vulnerability a month ago

oiiwroo has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
answerdev/answer maintainer marked this as fixed in 1.0.6 with commit 813ad0 a month ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
answerdev/answer maintainer published this vulnerability a month ago
a month ago


Thanks :)
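An added example, not code from answerdev/answer or from its fix: one way to make a reset or activation link both time-limited and single-use, the two properties the report says were missing. `ResetStore`, `Issue` and `Redeem` are hypothetical names, and the in-memory map is an assumption standing in for whatever storage a real service uses.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"sync"
	"time"
)

type resetEntry struct {
	userID  string
	expires time.Time
}

// ResetStore is a hypothetical in-memory store of pending reset tokens.
type ResetStore struct {
	mu      sync.Mutex
	pending map[[32]byte]resetEntry // keyed by SHA-256 of the token, never the token itself
}

// Issue returns a random token for the e-mailed link, valid until now+ttl.
func (s *ResetStore) Issue(userID string, now time.Time, ttl time.Duration) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err // no entropy: refuse to mint a guessable token
	}
	token := hex.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.pending == nil {
		s.pending = map[[32]byte]resetEntry{}
	}
	s.pending[sha256.Sum256([]byte(token))] = resetEntry{userID, now.Add(ttl)}
	return token, nil
}

// Redeem deletes the token before validating it, so a link works at most once
// even when two requests carrying the same token arrive concurrently.
func (s *ResetStore) Redeem(token string, now time.Time) (userID string, ok bool) {
	key := sha256.Sum256([]byte(token))
	s.mu.Lock()
	defer s.mu.Unlock()
	e, found := s.pending[key]
	delete(s.pending, key)
	if !found || !now.Before(e.expires) {
		return "", false
	}
	return e.userID, true
}
```

The password change itself should happen only after `Redeem` returns `ok == true`, using the returned `userID` rather than any identifier supplied in the request.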
