Mail.ru: Account Takeover via Forgot Password Page at https://3k.mail.ru/send_password.php?

2020-07-04T11:19:36
ID H1:915331
Type hackerone
Reporter jayesh25
Modified 2021-01-22T12:01:54

Description

The password recovery procedure was not sufficiently protected against brute force, which allowed takeover of arbitrary 3k.mail.ru accounts.