Drugs.com: 2FA Bypass leads to impersonation of legimate users
The authentication system contained a logic flaw that allowed an attacker to impersonate a legitimate user who had not yet registered. By abusing the email change functionality and bypassing two-factor authentication, the attacker could retain access to the account until the legitimate user reset...