"Even weak hackers can pull off a password reset MITM attack via account registration"

Researchers from the College of Management Academic Studies have shared their findings on a new technique in which an attacker performs a password reset man-in-the-middle (MITM) attack by exploiting vulnerabilities in the password reset procedure during the account registration process. The researchers report that many sites are vulnerable to this attack, including Google, Facebook, Yahoo, Snapchat and many others. The attack can also defeat two-factor authentication (2FA). The article further discusses how the attack could be performed, how it could defeat 2FA, and similar vulnerabilities found in messaging apps.

CSO reports "Even weak hackers can pull off a password reset MITM attack via account registration"
