Comment by ensignavenger

Comment by ensignavenger 4 days ago

0 replies

View on Hacker News

That sounds like a TaskRabbit vulnerability (in your example), not a Google vuln? It is also a vulnerability in any email based sign in, which relies on email alone without a password to demonstrate account ownership. (Including password resets that rely on email).