Y
Hacker News
new
|
ask
|
show
|
jobs
by
N_A_T_E
1198 days ago
Wow, I just tried and it’s very easy. Seems like a huge miss of privilege escalation allowing someone with the pin and phone to escalate to full password. This should require the old password or more steps.