Email changing
Unknown
Vulnerability Details
Hello
When someone chnage his email he doesn't have to confirm the change of the email from both emails
I suggest you must use a confirmation from both emails (specially the old email)
Because If an attacker compromises the password of a hackone user
the user will not be able to reset his password even from the old email .
Best Regards
Actions
View on HackerOneReport Stats
- Report ID: 18846
- State: Closed
- Substate: informative
- Upvotes: 6