HackerOne: Email changing

ID H1:18846
Type hackerone
Reporter djamel-ghorab
Modified 2014-08-28T09:24:24


Hello When someone chnage his email he doesn't have to confirm the change of the email from both emails

I suggest you must use a confirmation from both emails (specially the old email)

Because If an attacker compromises the password of a hackone user the user will not be able to reset his password even from the old email .

Best Regards