You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "confirm additional email address" message sent to the new address shows
the password of the requesting user in plain text, when it should not, since
the receiver of such a message may have gotten it due to user error (typo,
anyone?) but will nonetheless be granted full access to to the requesting
user's account, simply by virtue of _actively_being_told_ his login data, and
all his list memberships.
Jeff: This needs some discussion.
Original issue reported on code.google.com by [email protected] on 4 Jun 2009 at 11:22
The text was updated successfully, but these errors were encountered:
Original issue reported on code.google.com by
[email protected]on 4 Jun 2009 at 11:22The text was updated successfully, but these errors were encountered: