Facebook Password Reset Vulnerability

Normally, when an authenticated Facebook user is changing their password, you need to enter their current password on the password change page to prevent an unauthorized person. However, the password could be reset without entering the old password in the session that was active with this vulnerability. This has been fixed by my notifying.