Comment by horsawlarway
4 days ago
So you use email/pass and the reset password email dumps right to the new party as well, because they control the MX records for the domain?
4 days ago
So you use email/pass and the reset password email dumps right to the new party as well, because they control the MX records for the domain?
That's why allowing account recovery using (exclusively) email is indeed a security problem.