Access to completion page without performing any action

Disclosed: 2017-05-18 07:58:24 By footstep To weblate
None
Vulnerability Details
Hi!, This is much of a best practice as it doesn't have much impact on the user. But I believe you may want to know. After making a registration or on finalizing a password reset, one is redirected to a page, https://demo.weblate.org/accounts/email-sent/. I noticed that even without making any of the two actions stated above, the page is still accessible. Regards, Shuaib
Actions
View on HackerOne
Report Stats
  • Report ID: 223846
  • State: Closed
  • Substate: resolved
  • Upvotes: 5
Share this report