How a Crowdtesting Find Exposed an Arbitrary Password‑Reset Vulnerability
During a crowdtesting engagement, the author uncovered a critical identity‑verification flaw that lets anyone change any user's password using only the username and phone number. The write-up details the discovery process, the exploited endpoints, and the low barrier to hijacking accounts.
