RSS Feed/News Passkey removal does not invalidate existing sessions

Status
Not open for further replies.
ENXF NET

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
20,119
Points
823

Reputation:

Steps to reproduce
  1. Create a new account
  2. Add a Passkey in browser context A
  3. Log into the account with the passkey in another browser context (B)
  4. Log into the account with username and password in a third browser context (C) using a backup code as TFA
  5. Remove the Passkey from browser context A
  6. Check session status in browser context B and C
  7. Add another passkey in browser context A
  8. Log into the account with the Passkey in browser context B
  9. Change the...

Read more

Continue reading...
 
Status
Not open for further replies.
Top