It's not really unrestricted. Given that this is forcing the password reset, you... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mayneack on March 8, 2016 | parent | context | favorite | on: How I could have hacked any Facebook account

It's not really unrestricted. Given that this is forcing the password reset, you can't silently do it, right? So anyone exploiting it knows there's a limited number of uses before people notice that their passwords are being reset by not them.

arcticfox on March 9, 2016 [–]

True, the restriction is that you only get a guarantee of getting in one time. I meant that there are no restrictions on what you can do once you're in. (E.g. a XSS chat hack or something like that would be restricted in that sense)

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact