TL;DR: Recovery flow re-uses a weak channel, predictable token, Host-header-injected reset link, OTP brute force, race on reset.
Stub — to be filled in.
What it is
TODO
Preconditions / where it applies
TODO
Technique
TODO
Detection and defence
TODO
References