Broken Authentication
High
Vulnerability Details
**Summary:** IDOR
**Description:** It is possible to access another user's account by changing the 'email' parameter to another valid e-mail. I managed to guess an existing user, '███████@███.com', which discloses the ███ Name and Surname.
## Impact
Information Disclosure
## Step-by-step Reproduction Instructions
1. Visit: https://██████
2. Register for an account
3. Follow the steps like in the attached pictures
## Product, Version, and Configuration (If applicable)
Web Application
## Suggested Mitigation/Remediation Actions
https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet
Report Stats
- Report ID: 409237
- State: Closed
- Substate: resolved
- Upvotes: 11
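
The access-control flaw described in this report, as an added example that is not part of the original report or the affected application's code: a handler that selects the record from the request's 'email' parameter, next to one that binds the lookup to the authenticated session and records mismatches. The user store, session tokens, function names and `Forbidden` exception are assumptions made for illustration.

```python
# Constructed sample data; every name and address here is a placeholder.
USERS = {
    "alice@example.test": {"name": "Alice", "surname": "Example"},
    "bob@example.test": {"name": "Bob", "surname": "Sample"},
}
# Server-side session store: token -> e-mail of the authenticated account.
SESSIONS = {"token-alice": "alice@example.test"}


class Forbidden(Exception):
    """Raised when the caller is not authorised for the requested object."""


def get_profile_vulnerable(session_token, params):
    # Checks only that the caller is logged in, then trusts params["email"]
    # to choose the record, so any valid e-mail returns that user's data.
    if session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    return USERS[params["email"]]


def get_profile_hardened(session_token, params, audit_log):
    # Identity comes from the server-side session, never from the request.
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("not authenticated")
    # A missing parameter defaults to the caller's own record.
    requested = params.get("email", owner).strip().lower()
    if requested != owner:
        # Deny, and record the mismatch so monitoring can alert on
        # repeated parameter tampering from one session.
        audit_log.append({"event": "idor_denied",
                          "session_owner": owner,
                          "requested": requested})
        raise Forbidden("object does not belong to caller")
    return USERS[owner]
```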