An issue in SurveyKing v1.3.1 allows malicious users to execute a session replay attack after a user changes their password.