Able to change email address without any verification, causing account takeover

Disclosed by
cybershoorveer
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

There is no account takeover. At most there is an "account inconvenience" by force-resetting another user's password, but there is no compromise or leak of account information.

Summary by cybershoorveer

This is not informative, because it causes account takeover. I did not give a full PoC of this vulnerability, but in this video you saw that changing the email address causes account takeover: if someone leaves their account open on a public computer (say at an office or a cafe), then an attacker can change the email without verifying himself, because no OTP or verification is held. Then abuse the forgot-password field to take over the whole account. This is critical, not informative, or it impacts your reputation.
See this PoC, same case:
https://hackerone.com/reports/292673
It is a P3 vulnerability. It is a serious vulnerability; please check one more time.
When you want the full video PoC, then message me.
Thank you,
Shivam Mahar
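As an added illustration of the disagreement above (example code written for this page, not code from the report, from NASA, or from the linked HackerOne case), here is a constructed email-change handler in the shape the reporter describes, beside a hardened version that re-authenticates the user and confirms the new address before the password-reset destination moves. Every name, the in-memory account store and the captured "outbox" are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed in-memory account model for the example (assumed; not a real system).
@dataclass
class Account:
    username: str
    password: str                 # plaintext only to keep the example short; hash it in real code
    email: str
    pending_email: Optional[str] = None
    pending_token: Optional[str] = None

# Stand-in for outbound mail: (recipient, body) pairs the test can inspect.
OUTBOX: List[Tuple[str, str]] = []

def password_reset_destination(acct: Account) -> str:
    """Where a 'forgot password' link would be sent: whatever address is on file."""
    return acct.email

def change_email_weak(acct: Account, new_email: str) -> None:
    """The behaviour the report describes: anyone holding the logged-in session
    can swap the address with no re-authentication and no confirmation, so the
    reset link for this account now goes to the new address."""
    acct.email = new_email

def request_email_change(acct: Account, current_password: str, new_email: str) -> bool:
    """Hardened step 1: require the current password, then send a one-time token
    to the NEW address and a notice to the OLD one. The stored email is untouched."""
    if not hmac.compare_digest(current_password, acct.password):
        return False
    token = secrets.token_urlsafe(32)
    acct.pending_email, acct.pending_token = new_email, token
    OUTBOX.append((new_email, token))                            # confirmation token
    OUTBOX.append((acct.email, "notice: email change requested"))  # alert old address
    return True

def confirm_email_change(acct: Account, token: str) -> bool:
    """Hardened step 2: only proof of access to the new mailbox completes the change."""
    if acct.pending_token is None or not hmac.compare_digest(token, acct.pending_token):
        return False
    acct.email = acct.pending_email
    acct.pending_email = acct.pending_token = None
    return True
```

The weak handler moves the reset destination in one unauthenticated call; the hardened pair leaves the address on file unchanged until both the password and the token sent to the new mailbox have been presented.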
