by varenc
12 days ago
> The first proper zero auth password reset I've seen in production.

In 2011 Dropbox briefly had an even easier "zero auth exploit". For a couple hours, if you typed in any email on the login page, password checking was skipped and you could log in to any account. Albeit, you still couldn't reset the user password, just log in. https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...
My IT department had a blast with that one, pure disbelief that it worked on all of our systems.
https://arstechnica.com/information-technology/2017/11/macos...