Weeks after Twitter’s ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn’t close all of a user’s active logged-in sessions on Android and iOS after an account’s password was reset. From a report: This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user’s Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed “some” accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked
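The revocation the report describes as typical, sketched as an added example (not Twitter's code and not part of the original post): a password reset deletes every session the account holds on any client, and a per-account epoch makes tokens issued before the reset fail validation even if one survives the sweep. The `SessionService` class, the client labels and the epoch counter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class SessionService:
    """Constructed in-memory model; all names here are hypothetical."""

    def __init__(self):
        self._accounts = {}  # user -> {"salt", "hash", "epoch"}
        self._sessions = {}  # token -> (user, client, epoch at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = {"salt": salt, "hash": self._hash(password, salt), "epoch": 0}

    def login(self, user, password, client):
        acct = self._accounts.get(user)
        if acct is None:
            return None
        if not hmac.compare_digest(acct["hash"], self._hash(password, acct["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client, acct["epoch"])
        return token

    def validate(self, token):
        record = self._sessions.get(token)
        if record is None:
            return None
        user, _client, epoch = record
        # Defence in depth: reject tokens issued before the last reset.
        if epoch != self._accounts[user]["epoch"]:
            del self._sessions[token]
            return None
        return user

    def reset_password(self, user, new_password):
        acct = self._accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["hash"] = self._hash(new_password, acct["salt"])
        acct["epoch"] += 1
        # Revoke on every client type (web, iOS, Android), not just the caller's.
        stale = [t for t, (owner, _, _) in self._sessions.items() if owner == user]
        for token in stale:
            del self._sessions[token]
        return len(stale)
```

A regression test for this class of bug logs in from each client type, resets the password, and asserts that every earlier token is rejected.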

Link to original post https://tech.slashdot.org/story/22/09/22/1555248/twitter-discloses-it-wasnt-logging-users-out-of-accounts-after-password-resets?utm_source=rss1.0mainlinkanon&utm_medium=feed from Teknoids News
