: Mention best practices like ensuring tokens expire after a single use or a short time window. Option 2: Password Reset Activity Audit Report
: A brief description of the issue. For example, "The password reset page does not properly invalidate the authenticity token on the server side". Steps to Reproduce :
To provide the most useful report, I have drafted two versions based on common needs: a (for IT/developers) and an Activity Audit Report (for managers/admins). Option 1: Password Reset Vulnerability Report password reset
: State clearly that the link will expire (e.g., in 24 hours).
Use this if you are reporting a bug or a security flaw in a password reset system. : Mention best practices like ensuring tokens expire
: Always include a reassuring statement for users who did not initiate the request.
Building a report for password resets - ServiceNow Community Steps to Reproduce : To provide the most
: Explain what an attacker could do, such as a full account takeover.