|
|
|
|
|
|
by alldayeveryday
1400 days ago
|
|
|
Exactly. A malicious employee could login as any user to popular services like WhatsApp, Telegram and others that are SMS auth only, simply by knowing which endpoint to hit to kickoff an auth session initiation. I hope I am not understanding this exploit correctly. This would be a massive failure on Twilio part to allow employees access to the auth code. |
|
|