I'm not sure if this belongs here.
I think I found a glitch that could allow people to get hacked easily.
Here's how I found it:
I was on my email, looking through my old messages. I found two 'forgotten password' messages that you receive when you ask to regain your password. Just for fun, I copied and pasted the password recovery URL into my browser's URL bar at the top. And then I had a thought. In the page, it automatically shows your old password in the 'old password' box. So I got an idea, and in the URL bar, I replaced the name 'l0ve1y' with someone else's username, and pressed the enter key. Sure enough, instead of 'l0ve1y', the text 'Resetting the password for username [insert username here]' said the username I had typed in at the top. Which means the password in the box could have changed, too. I don't know for sure, but I'd rather be safe than sorry. If the password does change, then this is an easy way for people to get hacked: all the hacker has to do is request a password recovery, copy and paste the URL into their browser, change the name to whoever they want to hack, click 'reset', and boom. They've hacked a user. Now, I don't want to test this, because if I changed someone's password without telling them, it would be very mean, and they would have to use a password reset. So I'm not sure if it works. But if it does work, it should be stopped somehow so that people don't get hacked.
l0ve1y
Offline
Hi l0vely,
I sent a message to the Scratch Team about it, and I got this reply back.
"Yeah, you can do those steps to change the prompt, but it doesn't work to actually change their password."
So I guess that trick is not much of a threat. ^^
Offline
cheddargirl wrote:
Hi l0vely,
I sent a message to the Scratch Team about it, and I got this reply back.
"Yeah, you can do those steps to change the prompt, but it doesn't work to actually change their password."
So I guess that trick is not much of a threat. ^^
Ohh, good. :3 I'll delete this, then.
Offline
Tip: if you discover an amazing new way to hack people, don't publicly post it in the forums!!
Offline
Oh, that's good.
10th post and 100th view on this thread!
Offline
cheddargirl wrote:
Hi l0vely,
I sent a message to the Scratch Team about it, and I got this reply back.
"Yeah, you can do those steps to change the prompt, but it doesn't work to actually change their password."
So I guess that trick is not much of a threat. ^^
I remember a topic from some time ago where some people tested it, and got the same result (obviously).
Offline
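Added example, not part of the thread and not Scratch's code: a sketch of why editing the username in a reset link should change nothing on the server. It assumes a reset token stored server-side and bound to one account; `ResetService`, its methods, and the sample accounts are hypothetical names constructed for illustration.

```python
import hashlib, hmac, secrets, time

class ResetService:
    """Toy in-memory store. Every name here is hypothetical, for illustration only."""
    TTL = 3600  # token lifetime in seconds (constructed value)
    def __init__(self):
        self.users = {}    # username -> (salt, PBKDF2 hash)
        self.pending = {}  # sha256(token) -> (owner, expires_at)

    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._kdf(password, salt))

    def check_password(self, username, password):
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def issue(self, username, now=None):
        """Create a token bound to `username`; only its hash is stored."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (username, now + self.TTL)
        return token  # goes into the e-mailed reset link

    def redeem(self, token, url_username, new_password, now=None):
        """The account comes from the token record, never from the URL."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        if key not in self.pending:
            return "invalid-token"
        owner, expires_at = self.pending[key]
        if now > expires_at:
            del self.pending[key]
            return "expired"
        if url_username != owner:
            return "username-mismatch"  # edited link: refuse, change nothing
        del self.pending[key]           # single use
        self.set_password(owner, new_password)
        return "ok"

def demo():
    # Constructed accounts and passwords, not real data.
    svc = ResetService()
    svc.set_password("alice", "old-A"); svc.set_password("bob", "old-B")
    token = svc.issue("alice", now=1000)
    tampered = svc.redeem(token, "bob", "attacker-choice", now=1001)
    return tampered, svc.check_password("bob", "old-B"), svc.redeem(token, "alice", "new-A", now=1002)
```

With this binding, the username in the link can at most alter what the page displays; the account whose password changes is fixed when the token is issued.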