Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account.
The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow. An attacker could have exploited the flaw to take over any Facebook account by brute-forcing a particular type of nonce.
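The mitigation for this class of flaw is to bind the attempt limit to the nonce itself, so that a small number of wrong guesses invalidates it. The sketch below is an added example, not Meta's code or anything from the researcher's report; the 6-digit numeric nonce, the limits, and the names `ResetNonceStore` and `replay_guesses` are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # assumed policy: failed guesses allowed per issued nonce
NONCE_TTL_SECONDS = 600   # assumed policy: nonce lifetime in seconds


class ResetNonceStore:
    """Hypothetical in-memory store; a real service needs a shared, atomic backend."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account_id -> [nonce, expires_at, failed_attempts]

    def issue(self, account_id):
        # A new nonce replaces any earlier one, so only one is ever valid.
        nonce = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = [nonce, self._clock() + NONCE_TTL_SECONDS, 0]
        return nonce

    def verify(self, account_id, guess):
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_pending_reset"
        nonce, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[account_id]
            return "expired"
        if hmac.compare_digest(nonce.encode(), str(guess).encode()):
            del self._pending[account_id]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            # Burn the nonce. The counter belongs to the nonce, not to a client
            # address, so spreading guesses over many sources gains nothing.
            del self._pending[account_id]
            return "locked"
        return "wrong"


def replay_guesses(store, account_id, guesses):
    """Feed a sequence of guesses to verify() and return each outcome."""
    return [store.verify(account_id, g) for g in guesses]
```

Nonce issuance needs its own limit as well, since every freshly issued nonce grants a new set of guesses.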