
> The first proper zero auth password reset I've seen in production.

In 2011 Dropbox briefly had an even easier "zero auth exploit". For a couple hours if you typed in any email on the login page, password checking was skipped and you could log in to any account. Albeit, you still couldn't reset the user password, just log in.

https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...




Remember this macOS bug? Letting you log in to any computer as a root user by typing "root" as the username with no password.

My IT department had a blast with that one, pure disbelief that it worked on all of our systems.

https://arstechnica.com/information-technology/2017/11/macos...


What about Hotmail's "eh" flaw of 1999? I'd say a two-letter password is practically "zero auth".


