cantevencode
cantevencode@lemmy.world
Joined
0 posts • 15 comments
Does an admin account have any permissions to view email addresses or data of registered users?
Did MichelleG not have 2FA enabled?
Now that this has happened, it’s be worth pushing this issue through as high priority. If HttpOnly
was enabled, then an admin takeover would not have been possible.