Description
Hello AppFlowy Team and Community,
I noticed that when a user changes their account password, other currently logged-in devices (such as web, desktop PCs or the mobile app) remain authenticated and can continue to access the data without being forced to log out or re-authenticate.
Thank you for this amazing project!
Impact
This is a significant security flaw. If a user's account is compromised or a device is lost/stolen, changing the password does not protect the account, as the unauthorized person or device will maintain full access indefinitely.
Additional Context
No response
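One way a server can close the gap this report describes, as an added example that is not AppFlowy's code: each signed token records a per-user session epoch, and a password change bumps that epoch so every token issued earlier stops verifying. The function names, the `epoch` field and the in-memory `USERS` store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)   # demo signing key, generated per run
USERS = {}                      # user -> {"salt", "pw", "epoch"} (hypothetical store)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _sign(body):
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def register(user, password):
    salt = secrets.token_bytes(16)
    USERS[user] = {"salt": salt, "pw": _hash(password, salt), "epoch": 0}

def _issue(user, device):
    # The token carries the session epoch that was current when it was issued.
    claims = {"sub": user, "dev": device, "epoch": USERS[user]["epoch"]}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def login(user, password, device):
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], _hash(password, rec["salt"])):
        return None
    return _issue(user, device)

def verify(token):
    """Return the claims, or None if the token is forged or revoked."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    rec = USERS.get(claims["sub"])
    # A signature check alone would keep accepting old tokens; the epoch
    # comparison is what rejects every token issued before a password change.
    if rec is None or claims["epoch"] != rec["epoch"]:
        return None
    return claims

def change_password(token, old, new):
    """Change the password, revoke all sessions, re-issue one for the caller."""
    claims = verify(token)
    if claims is None or login(claims["sub"], old, claims["dev"]) is None:
        return None
    rec = USERS[claims["sub"]]
    rec["salt"] = secrets.token_bytes(16)
    rec["pw"] = _hash(new, rec["salt"])
    rec["epoch"] += 1           # invalidates every token issued before this point
    return _issue(claims["sub"], claims["dev"])
```

Only the device that performed the change receives a fresh token; every other device has to sign in again with the new password.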