HackerOne: Flooding mailbox of user

2014-04-28T09:20:02
ID H1:10109
Type hackerone
Reporter dawidczagan
Modified 2014-04-30T22:02:01

Description

There seems to be no prevention from sending multiple password reset links to a selected e-mail. As a result mailbox of the user can be flooded with these mails. I would recommend to add CAPTCHA in forgot password functionality.