Describe the bug
Looks like recovery password controller doesn't limit the number of requests, allowing someone to programmatically use it to generate email spam or overload the SMTP service.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
Rate limit password resets by email to X amount per hour. Other limitations (IP) can also be used.
Additional context
The issue was reported by an unknown user at webmasters (at) fablabs.io. This is not a high priority issue.
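The expected behaviour described in the issue, sketched as an added example that is not part of the original report or the project's code: a sliding-window limiter that throttles reset requests per email address and per IP. The class name, the limits (3 per email, 20 per IP per hour) and the in-memory store are assumptions; a multi-process deployment would keep the counters in a shared store with expiry.

```ruby
# Added example: sliding-window limiter for password-reset requests.
# All names and limits are hypothetical; the issue only says "X amount per hour".
class ResetRateLimiter
  WINDOW = 3600 # seconds (one hour)

  # clock is injectable so the window can be exercised without waiting.
  def initialize(per_email: 3, per_ip: 20, clock: -> { Time.now.to_f })
    @limits = { email: per_email, ip: per_ip }
    @clock = clock
    @hits = Hash.new { |h, k| h[k] = [] } # key => timestamps of accepted requests
  end

  # Returns true when the reset mail may be sent, false when throttled.
  # The caller should answer identically in both cases, so the response
  # reveals neither the throttle state nor whether the account exists.
  def allow?(email, ip)
    now = @clock.call
    keys = { email: "email:#{normalize(email)}", ip: "ip:#{ip}" }

    # Drop timestamps that have aged out of the one-hour window.
    keys.each_value { |k| @hits[k].reject! { |t| t <= now - WINDOW } }

    # Refuse if either the address or the source IP has used its quota.
    return false if keys.any? { |kind, k| @hits[k].size >= @limits[kind] }

    keys.each_value { |k| @hits[k] << now }
    true
  end

  private

  # Case and surrounding whitespace must not yield a fresh bucket.
  def normalize(email)
    email.to_s.strip.downcase
  end
end
```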