Spamming any user from Reset Password Function
Low
Vulnerability Details
It is possible to spam any user whose email-id is known.
The csrfmiddlewaretoken token can be used more than once.
Users can be spammed heavily by just a brute-force attack on the password reset page.
Implementation:
Implement a Captcha.
Report Stats
- Report ID: 223525
- State: Closed
- Substate: resolved
- Upvotes: 4
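
A server-side throttle is a mitigation that works alongside the CAPTCHA suggested in the report and does not rely on the CSRF token being single-use. The sketch below is an added example, not code from the report or the affected project: `ResetThrottle`, `simulate`, the limits, and the sample requests are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class ResetThrottle:
    """Sliding-window cap on password-reset mails (hypothetical helper)."""

    def __init__(self, per_email=3, per_ip=10, window=3600, clock=time.monotonic):
        # Limits are assumed values; tune them to the application's real traffic.
        self.limits = {"email": per_email, "ip": per_ip}
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)  # (kind, key) -> send timestamps

    @staticmethod
    def normalize(email):
        # Case or padding variants must land in the same bucket as the original.
        return email.strip().lower()

    def _count(self, bucket, now):
        q = self.hits[bucket]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        return len(q)

    def allow(self, email, ip):
        """True if a reset mail may be sent now; records the send if so."""
        now = self.clock()
        buckets = [("email", self.normalize(email)), ("ip", ip)]
        if any(self._count(b, now) >= self.limits[b[0]] for b in buckets):
            return False  # the view should still return its usual generic response
        for b in buckets:
            self.hits[b].append(now)
        return True

# Constructed sample: (seconds, target address, client IP). Not real traffic.
SAMPLE = [
    (0, "victim@example.com", "203.0.113.5"),
    (1, "Victim@Example.com ", "203.0.113.5"),
    (2, "victim@example.com", "203.0.113.6"),
    (3, "victim@example.com", "203.0.113.7"),   # 4th mail in the hour: blocked
    (3700, "victim@example.com", "203.0.113.7"),  # window expired: allowed
]

def simulate(requests, **limits):
    """Replay requests against a fresh throttle using a fake clock."""
    now = [0.0]
    throttle = ResetThrottle(clock=lambda: now[0], **limits)
    decisions = []
    for ts, email, ip in requests:
        now[0] = ts
        decisions.append(throttle.allow(email, ip))
    return decisions
```

Keying on the target address as well as the client IP matters here: rotating source addresses does not raise the number of mails a single mailbox receives.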