Multiple password reset messages
|Reported by:||SergeyBiryukov||Owned by:||dd32|
There's a security flaw mentioned in #10006: an attacker can bother users with password reset messages.
The problem was reported on Russian support forums by the user receiving hundreds of such messages on his email address. He managed to solve it himself.
He also proposed to introduce some kind of timeout for password resetting. Is it possible?
Change History (5)
- Milestone Unassigned deleted
- Resolution set to duplicate
- Status changed from new to closed
- Milestone set to Unassigned
- Resolution duplicate deleted
- Status changed from closed to reopened