Session misconfiguration on forget password feature at https://ort-admin.pingone.com
Team Summary
Official summary from Ping Identity
Summary:
After looking into session-related bugs, I can see that there is a session misconfiguration on the forget password feature at https://ort-admin.pingone.com.

Steps To Reproduce:
1) Go to https://ort-admin.pingone.com and log in as user-A in browser-A.
2) Go to https://ort-admin.pingone.com and click on forget password in browser-B.
3) Change that password from the reset link in browser-B.
4) You can still see that the session is valid in browser-A.

Mitigation:
Sessions should be invalidated in all browsers when the password is changed through forget password.

Supporting Material/References:
OWASP session misconfiguration

Thanks,
Vishal

Impact
Session misconfiguration on forget password feature at https://ort-admin.pingone.com

PROGRAM NOTE: This issue is well-known, and per our scope document, is not eligible for bounties.
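The mitigation the report asks for, shown as an added example that is not Ping Identity's code and not part of the original report: a toy server with server-side sessions, where completing a password reset bumps a per-user password generation and drops every stored session for that user, so a session minted before the reset (browser-A) fails validation afterwards. The `AuthServer`, `reproduce_report` and the "user-A"/"old-password" values are constructed for this illustration; verification of the reset link is assumed to have happened before `reset_password` is called.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    salt: bytes
    password_hash: bytes
    password_generation: int = 0   # incremented on every password change


@dataclass
class Session:
    username: str
    generation: int                # the user's password generation at login time


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Toy server holding users and server-side sessions (constructed for this example)."""

    def __init__(self, invalidate_on_reset: bool):
        # False reproduces the reported behaviour; True applies the mitigation.
        self.invalidate_on_reset = invalidate_on_reset
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, Session] = {}

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = User(salt, _hash_password(password, salt))

    def login(self, username: str, password: str) -> Optional[str]:
        user = self.users.get(username)
        if user is None or not secrets.compare_digest(
            user.password_hash, _hash_password(password, user.salt)
        ):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(username, user.password_generation)
        return sid

    def is_session_valid(self, sid: str) -> bool:
        session = self.sessions.get(sid)
        if session is None:
            return False
        user = self.users[session.username]
        # A session issued under an older password generation is stale.
        return session.generation == user.password_generation

    def reset_password(self, username: str, new_password: str) -> None:
        """Completes a forgot-password flow; the reset link is assumed already verified."""
        user = self.users[username]
        user.password_hash = _hash_password(new_password, user.salt)
        if self.invalidate_on_reset:
            # Bumping the generation invalidates any session record the delete below
            # might miss (e.g. a cached copy); the delete removes them outright.
            user.password_generation += 1
            self.sessions = {
                sid: s for sid, s in self.sessions.items() if s.username != username
            }


def reproduce_report(invalidate_on_reset: bool) -> Dict[str, bool]:
    """Replays the report's steps and returns what each browser would observe."""
    server = AuthServer(invalidate_on_reset)
    server.register("user-A", "old-password")                       # constructed account
    sid_browser_a = server.login("user-A", "old-password")          # step 1, browser-A
    server.reset_password("user-A", "new-password")                 # steps 2-3, browser-B
    return {
        "browser_a_session_still_valid": server.is_session_valid(sid_browser_a),  # step 4
        "old_password_rejected": server.login("user-A", "old-password") is None,
        "new_password_accepted": server.login("user-A", "new-password") is not None,
    }


if __name__ == "__main__":
    print("as reported:", reproduce_report(invalidate_on_reset=False))
    print("mitigated:  ", reproduce_report(invalidate_on_reset=True))
```

With `invalidate_on_reset=False` the password hash changes but browser-A's session keeps validating, which is the behaviour in step 4; with `True` the same session is rejected, while the new password still logs in. Keeping the generation on the user record means the check holds even where sessions are stored in a cookie or a replicated cache that a bulk delete cannot reach.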
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insufficient Session Expiration