Exploit?

Mike

XenForo developer
Staff member
I don't see how that link can do that - it's for confirming your email is valid. It doesn't touch passwords at all.

Additionally, the link can only work once, and only for the user ID specified in the URL.
 

Kier

XenForo developer
Staff member
Mike's right, the link simply does not and can not do what you describe.
 
F

Floris

Guest
Can't control those who assume incorrectly :)
If they follow the link and the "hacker" gets the password, something else is going on that has nothing to do with xenforo's core product.
 
Top