googlenews Posted July 24, 2016 Report Share Posted July 24, 2016 eWeek Uber Pays Security Researcher $10K for Critical FlaweWeek"Through the endpoint at /rt/users/passwordless-signup it is possible to change the password of any Uber user, given knowledge of their phone number (or by just enumerating phone numbers until one is found that is registered with Uber—not too hard ... https://www.google.com/search?hl=en&gl=uk&tbm=nws&authuser=0&q=uber&oq=uber Link to comment Share on other sites More sharing options...
