Already Registered Email Disclosure
Low
Vulnerability Details
Hello,
In the registration at https://hosted.weblate.org/accounts/register/ , I found that trying an already used email would inform the register that you are trying used one, so with a dictionary of emails a hacker can determine the emails of all users in database and use that in phishing.
Note:I thought that I should report this because I found that all other functionalities don't reveal that the email is already used. Eg: Forget Password
Thanks.
Actions
View on HackerOneReport Stats
- Report ID: 223343
- State: Closed
- Substate: resolved
- Upvotes: 3