Sorare: Mystery with a leaked token and Reusability of email confirmation link leading to Account Takeover
A vulnerability was discovered where leaked email confirmation links could be reused to gain access to a user's account without requiring a password. This was possible by modifying the token parameter in the URL of the expired confirmation link. An attacker who gains access to such a leaked link...
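One way to close off the reuse described above, as an added example that is not Sorare's code or part of the original report: a confirmation token store where each token is single-use, expires, and only marks the email address as verified without creating a session. The class, function names, the in-memory dictionary and the one-hour lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class ConfirmationTokens:
    """Hypothetical in-memory store of pending email confirmations."""

    def __init__(self, now=time.time):
        self._pending = {}  # sha256(token) -> (user_id, expires_at)
        self._now = now     # injectable clock so expiry can be tested

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._pending[self._digest(token)] = (user_id, self._now() + TOKEN_TTL)
        return token

    def confirm(self, token):
        """Return the user_id for a valid token, else None. Consumes the token."""
        # pop() removes the record on first presentation, valid or expired,
        # so a leaked link cannot be replayed later.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._now() >= expires_at:
            return None
        return user_id


def handle_confirmation_link(store, token):
    """Hypothetical request handler for the link sent by email."""
    user_id = store.confirm(token)
    if user_id is None:
        return {"status": 400, "verified_user": None, "session": None}
    # Confirmation only marks the address as verified. No session is issued,
    # so holding the link never replaces the password at login.
    return {"status": 200, "verified_user": user_id, "session": None}
```
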