Response Manipulation to enable Account recovery key without current password
Mozilla
Team Summary
Official summary from Mozilla
It is possible to modify the server response to bypass the password requirement when generating an account recovery key; however, the attacker requires access to the victim's account, and they wouldn't have access to the generated recovery key by manipulating the server response. Therefore, this report is considered informative.
Reported by
saiteja12313234
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Improper Access Control - Generic