Hello MapLogin Security Team,
I just found a problem in Authentication for you. Attacker Can take over any accounts that "Not Completed Yet" by easy way and here is the details:
1- From any browser you can register using your email "firstname.lastname@example.org" 2- You will recieve a verification code to enter. 3- Enter the code that you have now from your email. 4- Don't complete your account.
5- Now open a private window from another browser. 6- Try to login with this email and you will get the message like the fisrt SS i attached. 7- Now you can click on Create New Account. 8- By using the victim email "Not Completed yet" and fill first, last name and phone. 9- Now Click Next Button and here is the problem ..... You are logged in with the victim email "email@example.com"
If you need more information i will be very happy to help...Thank you Diaa