Black & White Path
Jun 19, 2026 · Information Security
How a Crowdtesting Find Exposed an Arbitrary Password‑Reset Vulnerability
During a crowdtesting engagement the author uncovered a critical identity‑verification flaw that lets anyone change any user's password using only the username and phone number, detailing the discovery process, exploited endpoints, and the low barrier to hijack accounts.
URL enumerationVulnerabilitycrowdtesting
0 likes · 5 min read
