in Progress
J
Nobody assigned yet
Security testing revealed that password reset tokens can be reused multiple times, allowing potential account takeover if a token is compromised. Tokens should be invalidated immediately after first use.