

A bug in Assembla - Techasura

Today, found a major flaw in ASSEMBLA tool.
Let me try to explain my not so good English,
First step: Signup for assembla tool.
second: Click on forgot password...
and what happens? You get email notification.
Cool, this link that you get in your email inbox doesn't expire.... IT won't. Nope. Even after using 100 times, it wont at all.
So, what? 
if someone has this link, they can changed my password, why just change? Don't even change just clicking on the reset link will have you logged in to the account. 
ASSEMBLA is such a big company and i didn't expect this to happen. 
As a team, we are backing off from this tool, right from this moment.
======
mpchlets
As for backing off - bugs happen, can't say they won't - but we fix things as
soon as we are alerted of them. We hope you reconsider.

------
mpchlets
It would have been nice to receive a message to support about this, but we do
monitor Hacker News.

We will get this fixed ASAP.

~~~
mpchlets
A patch has been applied - link should expire in 48 hrs now - please check it
out and let us know

------
plextoria
Have you contacted them?

------
ibudiallo
I hope you let them know first before you posted here.

