Hi, I have a question.
Don't worry, this thread is not about phpBB security holes.
I have a member on one of my forums that had his password cracked a few months ago. He foolishly used the same password on another forum(a non-phpBB forum that didn't encrypt passwords) and the admin/mod of that forum used the password to access this members account on my forum.
That situation has been sorted out and the member changed his password since than. Now here's my question...
I am logged in on my forum account from both work and home. When I change my password at home I am still logged in at work. Correct?
So wouldn't this mean that even though this member changed his password the culpit still secretly has access to his account??? (Unless he deleted his cookies or logged out)
I'm asking because this member will be made a mod soon.