What an attacker could do on a lot of sites is change the email address associated with the account, then request the password (or a reset). That, of course, would be a complete takeover without knowing the original password.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds