HackerOne: Flooding mailbox of user

ID H1:10109
Type hackerone
Reporter dawidczagan
Modified 2014-04-30T22:02:01


There seems to be no prevention from sending multiple password reset links to a selected e-mail. As a result mailbox of the user can be flooded with these mails. I would recommend to add CAPTCHA in forgot password functionality.