Cloudflare: Password reset threshold not set

2014-05-12T12:22:51
ID H1:11828
Type hackerone
Reporter shahmeer-amir
Modified 2014-07-08T10:00:31

Description

Your web application https://www.cloudflare.com does not have a password reset threshold set. this means that your client and users account can be flooded with password reset emails which can result in spam to the mailer's inbox. You should implement a threshold to prevent this attack