Flooding mailbox of user

Disclosed: 2014-04-30 22:02:01 By dawidczagan To security

Unknown

Vulnerability Details

There seems to be no prevention from sending multiple password reset links to a selected e-mail. As a result mailbox of the user can be flooded with these mails. I would recommend to add CAPTCHA in forgot password functionality.

Actions

View on HackerOne

Report Stats

Report ID: 10109
State: Closed
Substate: informative
Upvotes: 6

Flooding mailbox of user

Vulnerability Details

Actions

Report Stats

Share this report