So I received an email from a user. He forgot to log off his account while on a public computer and left the window open.
Anyway, his account was open. You can change the email on file or the password without even knowing the current password or having to confirm a email for the changes to take place.
This should be looked at for sure.
3 posts • Page 1 of 1