+ 3

Why does Sololearn not require you to type the current password before changing it?

This is leaving your app vulnerable. I could change the password of anybody's account once I have access to their phone.

17th Jun 2018, 5:23 PM
Reverse
7 answers
0
I see what you're getting at, but the standards aren't requirements. They aren't laws either. That means the Sololearn company decided it might waste their development time to implement it. Remember, their priority is to generate revenue long-term. Spending time on a feature like that isn't a priority. It's a sad fact, but it is a reality many companies face when designing their systems. It's a decent concern, and you could maybe look for a moderator or an error reporting form and ask them to change it. Not sure it would be changed though. At least anytime soon.
24th Jun 2018, 8:37 AM
Xpl0it
+ 2
You can """hack""" anybody's account from any website if you have access to their phone. (Because access to their phone also implies access to their email and any 2 factor authentication).
17th Jun 2018, 5:25 PM
Vlad Serbu
+ 2
Own a moderator account or even promote my account, but the point is not what I would do but the fact that Sololearn is deviating from security standards by letting users change passwords without retyping the previous password.
24th Jun 2018, 8:11 AM
Reverse
+ 1
What do you plan to do to their account besides lock them out, even if you did "hack" their account? The damage is minimal at best.
23rd Jun 2018, 1:48 AM
Xpl0it
0
Because they don't care about security and privacy. All they want is money.
2nd Aug 2018, 4:27 PM
N00B
0
They are a non-profit making organization @noob
4th Aug 2018, 2:50 PM
Reverse
0
Reverse Non-Profit? Haha, haven't you seen the ads here on Sololearn?
4th Aug 2018, 2:52 PM
N00B