security gap, second email
I think I found an error using which I can pass through a user account. You have entered the options for entering a second email in your settings. Now you can enter the second e-mail without confirming the password. Then you can set it as the main e-mail. Then you can change the password with the help of the newly entered e-mail!
This way you can change your account in a few seconds :(
Regards andy
Всички отговори (1)
Andy said
Now you can enter the second e-mail without confirming the password.
Before you can set a Secondary Email we require a verified session. See attached screenshot: "NOTE: Before you can view or make changes to this section, you will need to verify your email address.".
If you have a "verified" session, that means you verified your email in that session and that will allow you to add a secondary email. Otherwise you won't be able to do so.