Facebook Password Reset Vulnerability
2013 Facebook Bug Whitehat
Normally, when an authenticated Facebook user is changing their password, you need to enter their current password on the password change page to prevent an unauthorized person. However, the password could be reset without entering the old password in the session that was active with this vulnerability. It has been fixed by my notifying.