• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Exploit?

Mike

XenForo developer
Staff member
#2
I don't see how that link can do that - it's for confirming your email is valid. It doesn't touch passwords at all.

Additionally, the link can only work once, and only for the user ID specified in the URL.
 
F

Floris

Guest
#5
Can't control those who assume incorrectly :)
If they follow the link and the "hacker" gets the password, something else is going on that has nothing to do with xenforo's core product.