it's possible change a password without owning the account.

it's possible to change the password of any account only with post an email on user/forgot and using the id of the user on user/store-password 
![image](https://user-images.githubusercontent.com/21298844/114643081-5e473e00-9cab-11eb-991d-abd5f8111911.png)
Not only that, when post to /user/forgot endpoint is sending the private token in the response.
![image](https://user-images.githubusercontent.com/21298844/114643183-9484bd80-9cab-11eb-8ab1-fcfe0b6677b9.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

it's possible change a password without owning the account. #160

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

it's possible change a password without owning the account. #160

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions