Facebook Password Reset Vulnerability

2013 Facebook Bug Whitehat 

Normally, when an authenticated Facebook user is changing their password, you need to enter their current password on the password change page to prevent an unauthorized person. However, the password could be reset without entering the old password in the session that was active with this vulnerability. It has been fixed by my notifying.