example.com/password_reset?username=<username>
You could basically type that in and replace <username> with any username you wished and reset their password.
The sad part was how obscenely long it took them to close those holes (couple of weeks).
example.com/password_reset?username=<username>
You could basically type that in and replace <username> with any username you wished and reset their password.
The sad part was how obscenely long it took them to close those holes (couple of weeks).