by etagwerker
3986 days ago
Using their authentication mechanism, a user should only get an access token with the right combination of client id and client secret. For at least 7 hours, anyone could get an access token for any client id, without entering the right client secret. With that access token they could see a lot of information for any account.