An independent vulnerability researcher, Sow Ching Shiong, has discovered a password reset vulnerability in Facebook. An attacker can exploit it to bypass certain security restrictions on www.facebook.com and change or reset a user's password without knowing the user's current password. The Facebook Security Team has since confirmed the vulnerability and patched it.
Source: http://www.pwn2hack.com/2013/01/facebook-bug-4-password-reset.html