Make WordPress Core

Opened 5 months ago

Closed 3 months ago

#59571 closed enhancement (duplicate)

Summary: No rate limit check on Reset forgot password which can lead to mass mailing and spamming of users and possible employees A little bit about Rate Limit

Reported by: princegill's profile princegill Owned by:
Milestone: Priority: normal
Severity: critical Version:
Component: Users Keywords:
Focuses: Cc:

Description

Browsers Verified In:
firefox
Steps To Reproduce:
1 Registered account

2 Go to https://a8cteam5105.wordpress.com/reset-password/

3 Enter Email Send Reset Intructions check mail and reset password

4 5 to 10 min wait open same link and reset again password

5 Boom.....✹
ATTACH Of POC VIDEO CLIP

Attachments (1)

poc.mp4 (8.3 MB) - added by princegill 5 months ago.

Change History (2)

@princegill
5 months ago

#1 @SergeyBiryukov
3 months ago

  • Component changed from General to Users
  • Focuses rest-api removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #12682.

Note: See TracTickets for help on using tickets.