Proton Pass: Second-Password Bypass Through Emergency Access

A security researcher discovered a method to bypass Proton Pass’s second-password authentication by exploiting the Emergency Access feature. The vulnerability allowed an attacker with access to a user’s account to reset the second password without knowing it. The issue was reported to Proton and has since been addressed. The bypass relied on specific interactions between the Emergency Access and password recovery mechanisms.