
r/lovable
Security issue regarding password change - Lovable cloud configuration
Hello, I have been playing around with Lovable and have created a small project.
However, I am facing an issue regarding the password reset testing wherein, with a simple authorization token, I am able to change a login password without the need for any type of email or authentication.
In Burp I can just give a PUT request and change the password at will, and I am really struggling to understand how to overcome this issue, as it is not exactly a UI or frontend change and even Lovable is struggling to give any inputs.
What I have done - it told me to go to USERS > AUTH SETTINGS > TURN ON Require re-authentication for password changes, but the issue still remains.
u/Blackbeard567 — 3 days ago