Cloudflare: Password reset threshold not set

ID H1:11828
Type hackerone
Reporter shahmeer-amir
Modified 2014-07-08T10:00:31


Your web application does not have a password reset threshold set. this means that your client and users account can be flooded with password reset emails which can result in spam to the mailer's inbox. You should implement a threshold to prevent this attack