Make WordPress Core

#59571 closed enhancement (duplicate)

Summary: No rate limit check on reset/forgot password, which can lead to mass mailing and spamming of users and possibly employees. A little bit about rate limit

Reported by: princegill
Owned by:
Milestone:
Priority: normal
Severity: critical
Version:
Component: Users
Keywords:
Focuses:
Cc:

Description

Browsers verified in: Firefox

Steps to reproduce:

1. Register an account.

2. Go to https://a8cteam5105.wordpress.com/reset-password/

3. Enter the email, send reset instructions, check the mail and reset the password.

4. Wait 5 to 10 minutes, open the same link and reset the password again.

5. Boom.....

Attached: POC video clip.

Attachments (1)

poc.mp4 (8.3 MB) - added by princegill 18 months ago.
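The report asks for a rate limit on the reset-request step. The mu-plugin below is an added example, not WordPress core code, not the change tracked in #12682 and not the reporter's PoC: it hooks core's `lostpassword_post` action (fired inside `retrieve_password()` before any mail is sent) and refuses further requests once an account name or a client address has exceeded a threshold within a window. The thresholds, the `prg_` prefix, the transient key names and the function names are assumptions.

```php
<?php
/**
 * Plugin Name: Throttle password reset requests (added example)
 *
 * Added example, not WordPress core and not the patch tracked in #12682.
 * Hooks retrieve_password() via the core 'lostpassword_post' action and
 * adds an error, which makes core return before sending the reset mail,
 * when the same account or the same client address has requested too
 * many resets in a window. Thresholds and key prefixes are assumptions.
 */

// Assumed policy: at most 3 requests per account name and 10 per client
// address in a 15 minute window.
const PRG_RESET_WINDOW    = 15 * MINUTE_IN_SECONDS;
const PRG_MAX_PER_ACCOUNT = 3;
const PRG_MAX_PER_ADDRESS = 10;

/**
 * Client address. REMOTE_ADDR is only meaningful when PHP sees the client
 * directly; behind a reverse proxy it is the proxy, and the deployment must
 * substitute its trusted forwarding header here (assumption, not handled).
 */
function prg_client_address() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : 'unknown';
}

/**
 * Increment a transient-backed counter and return the new total.
 * get_transient() returns false when the key is absent, which casts to 0.
 * The transient expires with the window, so this is a fixed window, not a
 * sliding one.
 */
function prg_bump_counter( $key, $window ) {
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, $window );
    return $count;
}

/**
 * Runs for every reset request. Keyed on the submitted login rather than the
 * resolved user so that requests for unknown accounts are counted too;
 * otherwise the throttle itself would reveal which accounts exist.
 */
function prg_throttle_lost_password( WP_Error $errors, $user_data ) {
    $login = isset( $_POST['user_login'] )
        ? sanitize_text_field( wp_unslash( $_POST['user_login'] ) )
        : '';

    $account_key = 'prg_reset_acct_' . md5( strtolower( $login ) );
    $address_key = 'prg_reset_addr_' . md5( prg_client_address() );

    // Counters are bumped even when the request is refused, so a client that
    // keeps hammering the form stays throttled for the whole window.
    $by_account = prg_bump_counter( $account_key, PRG_RESET_WINDOW );
    $by_address = prg_bump_counter( $address_key, PRG_RESET_WINDOW );

    if ( $by_account > PRG_MAX_PER_ACCOUNT || $by_address > PRG_MAX_PER_ADDRESS ) {
        // Same generic message whether or not the account exists.
        $errors->add(
            'too_many_reset_requests',
            __( 'Too many password reset requests. Please try again later.' )
        );
    }
}
add_action( 'lostpassword_post', 'prg_throttle_lost_password', 10, 2 );
```

Drop the file into `wp-content/mu-plugins/` on a self-hosted install to have it load on every request. Two caveats a deployer should check: transients live in the options table (or the object cache, if one is configured) and are per site, so the address counter does not span a multisite network; and the address key is only as good as `prg_client_address()`, which must be adapted when the install sits behind a proxy or CDN.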

Change History (2)

@princegill
18 months ago

#1 @SergeyBiryukov
16 months ago

  • Component changed from General to Users
  • Focuses rest-api removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #12682.
