Unauthenticated email address change on account

State Resolved
December 1, 2020
Issue ID G8I8ffYrw
Asset Web application
Bounty $2,500
Reported at December 1, 2020
Reporter Faisal Hamou
Severity Critical
Visibility Limited
Weakness CWE 349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Description

The malicious user could potentially update the victim's email address under given circumstances.


The rest of the report is undisclosed.