Vanilla: jsConnect Plugin: Takeover of existing account

Description ----------- The current version 1.5.5 of the official jsConnect plugin allows the takeover of an existing account that wasn't created using SSO - eg a previously existing admin user - by registering an account with the same name using SSO. A successfull attack requires one request to ...