+ 3
Why does Sololearn not require you to type the current password before changing it?
This is leaving your app vulnerable. I could change the password of anybody's account once I have access to their phone.
7 answers
0
I see what you're getting at, but the standards aren't requirements. They aren't laws either. That means the Sololearn company decided it might waste their development time to implement it. Remember, their priority is to generate revenue long-term. Spending time on a feature like that isn't a priority. It's a sad fact, but it is a reality many companies face when designing their systems.
It's a decent concern and you could maybe look for a moderator or an error reporting form and ask them to change it. Not sure it would be changed though. At least anytime soon.
+ 2
You can """hack""" anybody's account from any website if you have access to their phone. (Because access to their phone also implies access to their email and any 2 factor authentication).
+ 2
Own a moderator account or even promote my account, but the point is not what I would do but the fact that Sololearn is deviating from security standards by letting users change passwords without retyping the previous password.
+ 1
What do you plan to do to their account besides lock them out, even if you did "hack" their account? The damage is minimal at best.
0
Because they don't care about security and privacy. All they want is money.
0
They are a non-profit making organization @noob
0
Reverse Non-Profit? Haha, haven't you seen the ads here on Sololearn?