Password Reset Does Not Confirm the Existence of an Email Address
Unknown
Vulnerability Details
issue:
1.click forget password as driver or rider [https://login.uber.com/login]
2.input an email which not signed up!
3. press reset password.
there will be 'We've sent you an email with a link to reset your password.' message.
because it can not verify email is signed up or not!
I'd tried with my personal email. I got the message in webpage but did not get any further email from Uber.
is that another bug?
Actions
View on HackerOneReport Stats
- Report ID: 143291
- State: Closed
- Substate: informative
- Upvotes: 2