No captcha on user registration and weak question: attacker can spam email
Unknown
Vulnerability Details
Hi,
In https://demo.weblate.org/accounts/register/ an attacker can register with the same email, and if the confirm link wasn't clicked, the attacker can make the request in an infinite loop,
so an attacker can spam another email with your service.
The question is so simple that any bot that can read the source can generate the answer for it.
You can fix this so that if an email is registered in the database, the user can't make a register request within 24 hours.
Good luck.
Report Stats
- Report ID: 236398
- State: Closed
- Substate: resolved
- Upvotes: 27
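The fix proposed in the report, a 24-hour limit per registered email, sketched as an added example that is not part of the original report and is not Weblate's code. The class and function names are hypothetical, the dict stands in for a database field, and the sample requests are constructed.

```python
import time

WINDOW_SECONDS = 24 * 60 * 60  # the 24-hour window the report proposes


def normalize_email(address: str) -> str:
    """Collapse case and whitespace so trivial variants share one throttle key."""
    local, _, domain = address.strip().rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address")
    # Lowercasing the local part is an assumption that errs toward throttling.
    return f"{local.lower()}@{domain.lower()}"


class ConfirmationMailThrottle:
    """Allow one confirmation mail per address per window (hypothetical helper)."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock
        self._last_sent = {}  # stand-in for a "last confirmation sent" DB column

    def should_send(self, address: str) -> bool:
        key = normalize_email(address)
        now = self.clock()
        last = self._last_sent.get(key)
        if last is not None and now - last < self.window:
            return False  # inside the window: send nothing, timer is not reset
        self._last_sent[key] = now
        return True


def simulate(requests, throttle):
    """Return the (timestamp, address) pairs for which a mail would go out."""
    sent = []
    for ts, address in requests:
        throttle.clock = lambda ts=ts: ts  # replay the constructed timestamps
        if throttle.should_send(address):
            sent.append((ts, address))
    return sent


# Constructed sample: the form re-submitted repeatedly for one victim address.
SAMPLE = [(0, "victim@example.com"), (1, "Victim@Example.com "),
          (2, "victim@example.com"), (3600, "other@example.com"),
          (WINDOW_SECONDS - 1, "victim@example.com"),
          (WINDOW_SECONDS, "victim@example.com")]

if __name__ == "__main__":
    for ts, address in simulate(SAMPLE, ConfirmationMailThrottle()):
        print(ts, address)
```

The key is the target address rather than the client IP, so the limit holds even when requests for the same address arrive from many sources.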