Reddit: No rate limit on password reset leads to email enumeration at gateway-production.dubsmash.com
Summary: I found brute force on gateway-production.dubsmash.com. Find valid usernames and emails, no rate limit.

Impact: An attacker could collect all usernames and valid emails through brute force on forget password.

Steps To Reproduce: Open gateway-production.dubsmash.com and forget email and enter...
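
The two mitigations this class of report calls for, shown as an added example that is not taken from the report or from the affected service: a per-client sliding-window limit on reset requests, and a response that is identical whether or not the address is registered. The names `ResetGuard`, `KNOWN_EMAILS` and `GENERIC_BODY`, the limits, and the in-memory store are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: accounts known to the hypothetical service.
KNOWN_EMAILS = {"alice@example.com", "bob@example.com"}

# Same body for registered and unregistered addresses, so the
# endpoint gives no signal about which emails exist.
GENERIC_BODY = "If that address is registered, a reset link has been sent."


class ResetGuard:
    """Sliding-window limiter for a password-reset endpoint (hypothetical)."""

    def __init__(self, limit=5, window=900, clock=time.monotonic):
        self.limit = limit            # max requests per client per window
        self.window = window          # window length in seconds
        self.clock = clock            # injectable so tests can control time
        self.hits = defaultdict(deque)
        self.outbox = []              # stands in for the outgoing mail queue

    def _allowed(self, client):
        now = self.clock()
        q = self.hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()               # forget requests older than the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def handle_reset(self, client, email):
        """Return (status, body) without revealing whether the email exists."""
        if not self._allowed(client):
            return 429, "Too many requests. Try again later."
        address = email.strip().lower()
        if address in KNOWN_EMAILS:
            self.outbox.append(address)   # mail is sent out of band
        return 200, GENERIC_BODY
```

A deployment behind several application servers would keep the counters in a shared store instead of process memory, and could apply a second limit keyed on the target address.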