varenc 11 days ago
> The first proper zero auth password reset I've seen in production.

In 2011 Dropbox briefly had an even easier "zero auth exploit". For a couple hours if you typed in any email on the login page, password checking was skipped and you could log in to any account. Albeit, you still couldn't reset the user password, just log in. https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...
californical 11 days ago
Remember this macOS bug? Letting you log in to any computer as a root user by typing "root" as the username with no password. My IT department had a blast with that one, pure disbelief that it worked on all of our systems. https://arstechnica.com/information-technology/2017/11/macos...
parable 11 days ago
What about Hotmail's "eh" flaw of 1999? I'd say a two-letter password is practically "zero auth".