Researchers Found a Zero-Click Facebook Account Takeover

The critical vulnerability in Facebook's password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user's account.