Changes between Initial Version and Version 9 of Ticket #12682
- Timestamp:
- 02/09/2014 04:55:20 AM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #12682
-
Property
Status
changed from
new
toaccepted
-
Property
Type
changed from
defect (bug)
tofeature request
-
Property
Component
changed from
Security
toUsers
-
Property
Summary
changed from
Multiple password reset messages
toMultiple password reset emails can be annoying
- Property Owner changed from ryan to dd32
-
Property
Milestone
changed from
Unassigned
to3.9
- Property Keywords has-patch added
-
Property
Status
changed from
-
Ticket #12682 – Description
initial v9 1 There's a security flaw mentioned in #10006: an attacker can bother users with password reset messages.1 There's a security flaw mentioned in #10006: an attacker can bother users with password reset emails. 2 2 3 The problem was reported on Russian support forums by the user receiving hundreds of such messages on his email address. He managed to solve it himself. 4 5 He also proposed to introduce some kind of timeout for password resetting. Is it possible? 3 The problem was reported on support forums by a user receiving hundreds of these emails. He proposed to introduce some kind of a timeout for password reset requests. Is it possible?