i had a zoom call with people to discuss a major vulnerability i found.
comments
Highlighted comment
i think you already fixed it
this sounds like a bug with your client rather than the server — as far as i can tell, i haven’t touched auth code in years
huh, maybe, idk
all i know is apparently i logged into an account with a password even though the account had no password assigned, and then you gave me a warning
that sounds more like the user configured their account wrong. right now its possible for someone to set their password to be blank (which is different from disabling password login).