Comment by horsawlarway
Comment by horsawlarway 3 months ago
So you use email/pass and the reset password email dumps right to the new party as well, because they control the MX records for the domain?
Comment by horsawlarway 3 months ago
So you use email/pass and the reset password email dumps right to the new party as well, because they control the MX records for the domain?
That's why allowing account recovery using (exclusively) email is indeed a security problem.