Taxact - fixed without reporting; original findings shown

https://www.taxact.com/
Recommended Configuration Email; SMS
Alternate Configuration 1 Authenticator
Alternate Configuration 2
Alternate Configuration 3
Account/Password Recovery PR SMS; PR email
Remarks SMS 2FA used as mandatory backup for email 2FA
Responses

Notified on January 11, 2020.

Received response on January 13, 2020; report misinterpreted as feature request.

Silently fixed vulnerability without notifying us as of March 8, 2020; this page represents our original findings.
img
2fa_backup.PNG
img
2fa_options.PNG
img
pr_step0.PNG
img
pr_step1.PNG
img
pr_step2.PNG
img
pr_step3.PNG