+ 3

Why does sololearn not require you to type the current password before changing it

This is leaving your app vulnerable I could change the password of anybody's account once i have access to their phone

sololearn app security password hacking insecure administrator cyptography

17th Jun 2018, 5:23 PM

Reverse

7 Respostas

I see what you're getting at but the standards aren't requirements. They aren't laws either. That means the sololearn company decided it might waste their development time to implement it. Remember, they're priority is to generate revenue longterm. spending time on a feature like that isn't a priority. It's a sad fact but it is a reality many companies face when designing their systems. It's a decent concern and you could maybe look for a moderator or a error reporting form and ask them to change it. Not sure it would be changed though. At least anytime soon.

24th Jun 2018, 8:37 AM

Xpl0it

+ 2

You can """hack""" anybody's account from any website if you have access to their phone. (Because access to their phone also implies access to their email and any 2 factor authentication).

17th Jun 2018, 5:25 PM

Vlad Serbu

+ 2

own a moderator account or even promote my account but the point is not what i would do but the fact that sololearn is deviating from security standards by letting users change passwords without retyping the previous password

24th Jun 2018, 8:11 AM

Reverse

+ 1

what do you plan to do to their account besides lock them out even if you did "hack" their account? the damage is minimal at best.

23rd Jun 2018, 1:48 AM

Xpl0it

Because they don't care about security and privacy. All they want is money.

2nd Aug 2018, 4:27 PM

N00B

they are non-profit making organization @noob

4th Aug 2018, 2:50 PM

Reverse