Name of the Vulnerable Software and Affected Versions:
answerdev/answer versions prior to 1.1.0
Description:
The issue is a password aging with long expiration weakness in the answerdev/answer GitHub repository: password reset links do not expire, so an old reset link stays valid indefinitely and can be used for account takeover. This is a significant security concern because it could allow unauthorized access to user accounts.
Recommendations:
Users of versions prior to 1.1.0 should update to version 1.1.0 or later, which resolves the issue. Until the update can be applied, consider compensating measures such as restricting access to the password reset functionality or monitoring it for suspicious activity.
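The remediation this advisory calls for, illustrated with an added example that is not answerdev/answer's own code: a Go reset-token store (the ResetTokenStore type, its 15-minute lifetime and the sample user id are all assumptions of this example) that binds every reset link to an expiry and invalidates it on first use, so an old or replayed link is rejected instead of granting access to the account.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// Constructed example, not answerdev/answer's own code.
var ErrInvalidToken = errors.New("reset token invalid, expired or already used")
type resetEntry struct {
	userID  string
	expires time.Time
}
// ResetTokenStore issues single-use password reset tokens with a fixed lifetime.
type ResetTokenStore struct {
	mu     sync.Mutex
	ttl    time.Duration
	tokens map[string]resetEntry
	Now    func() time.Time // injectable clock so expiry can be tested
}
func NewResetTokenStore(ttl time.Duration) *ResetTokenStore {
	return &ResetTokenStore{ttl: ttl, tokens: map[string]resetEntry{}, Now: time.Now}
}
// Issue creates a random token bound to userID that expires after ttl.
func (s *ResetTokenStore) Issue(userID string) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[tok] = resetEntry{userID: userID, expires: s.Now().Add(s.ttl)}
	return tok, nil
}
// Consume accepts a token once: unknown, expired and already-used tokens are
// all rejected, and the entry is deleted on first presentation to stop replay.
func (s *ResetTokenStore) Consume(tok string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.tokens[tok]
	delete(s.tokens, tok)
	if !ok || !s.Now().Before(e.expires) {
		return "", ErrInvalidToken
	}
	return e.userID, nil
}
```

In a real deployment the map would live in the database alongside the user record, but the two checks (expiry and single use) are the ones that close the weakness described above.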