' Full Account Takeover ' at █████
Critical
Mars
Team Summary
Official summary from Mars
A severe vulnerability is identified in the login functionality of a website belonging to Mars. An unauthorized actor can manipulate the server's response from the █████████████ endpoint to gain unauthorized access to any user account on the platform, leading to a full account takeover. The attacker can achieve this by intercepting the login request, modifying the server's response to indicate a successful login, and setting a cookie with the target user's ID. This exploit does not require knowledge of the victim's email address or password.
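The summary above describes the root cause from the defender's side: the server accepted a client-controlled cookie carrying a user ID as proof of identity, so the client's view of the login response (and the cookie it chose to set) decided who the session belonged to. The following is an added illustration, not code from the report or from Mars: it contrasts a handler that derives identity from a plain `user_id` cookie with one that only honours an opaque, server-issued session token created after server-side password verification. All names (`USERS`, `SessionStore`, `login`, the demo users and passwords) are constructed for this example.

```python
"""Added example: why identity must come from server-side state, never from
a client-controlled cookie value. Demo data below is constructed."""
import hashlib
import hmac
import secrets
from typing import Optional


def _hash_pw(password: str, salt: bytes) -> bytes:
    # PBKDF2 is used only so the demo store does not hold plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed demo user table (not real accounts).
_SALT_ALICE = b"demo-salt-alice"
_SALT_BOB = b"demo-salt-bob"
USERS = {
    1: {"name": "alice", "salt": _SALT_ALICE, "pw_hash": _hash_pw("correct horse", _SALT_ALICE)},
    2: {"name": "bob", "salt": _SALT_BOB, "pw_hash": _hash_pw("battery staple", _SALT_BOB)},
}
NAME_TO_ID = {u["name"]: uid for uid, u in USERS.items()}


def verify_password(username: str, password: str) -> Optional[int]:
    """Server-side credential check; returns the user ID or None."""
    uid = NAME_TO_ID.get(username)
    if uid is None:
        return None
    user = USERS[uid]
    if hmac.compare_digest(_hash_pw(password, user["salt"]), user["pw_hash"]):
        return uid
    return None


# --- Vulnerable pattern: the server trusts a plain user-ID cookie -----------
def vulnerable_current_user(cookies: dict) -> Optional[str]:
    """Identity is whatever the client put in 'user_id'. Any client can
    present any ID, which is the class of flaw the report describes."""
    uid = cookies.get("user_id")
    if uid is None or not uid.isdigit():
        return None
    user = USERS.get(int(uid))
    return user["name"] if user else None


# --- Hardened pattern: opaque server-side session ---------------------------
class SessionStore:
    """Maps unguessable random tokens to user IDs; only the server writes it."""

    def __init__(self) -> None:
        self._sessions = {}  # token -> user ID

    def create(self, uid: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[token] = uid
        return token

    def resolve(self, token: Optional[str]) -> Optional[int]:
        if token is None:
            return None
        return self._sessions.get(token)


def login(store: SessionStore, username: str, password: str) -> Optional[dict]:
    """A session exists only if the server itself verified the password.
    Whatever the client believes the login response said is irrelevant."""
    uid = verify_password(username, password)
    if uid is None:
        return None
    return {"session": store.create(uid)}


def hardened_current_user(store: SessionStore, cookies: dict) -> Optional[str]:
    """Identity is looked up from the server-side store; a 'user_id' cookie
    or a made-up token resolves to nobody."""
    uid = store.resolve(cookies.get("session"))
    return USERS[uid]["name"] if uid is not None else None
```

The check a reviewer would apply to the real handler is the same as in the hardened half: find every place a user ID is read from the request (cookie, header, body) and confirm it is only ever used after being resolved through state the server created. Detection-wise, sessions that appear without a matching successful server-side authentication event are the signal to alert on.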
Reported by
0xs4m
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Access Control - Generic