Project

General

Profile

Actions
Copy link

SoftPos #8

open

Email enumeration using forget password

Added by Redmine Admin 4 months ago. Updated 4 months ago.

Status:
New
Priority:
Low
Assignee:
LIQUID/hosam gemei
Category:
Re Test
Start date:
02/18/2024
Due date:
% Done:

100%

Estimated time:

Description

Description
The forget password feature is vulnerable to email enumeration, allowing an unauthenticated user to
get all email addresses registered on the system. The reason that this vulnerability exist is because
the server response when an email is not registered is different for when an email is registered.

Actions
Copy link
 #1

Updated by Redmine Admin 4 months ago

  • Category set to Re Test
Actions
Copy link
 #2

Updated by Redmine Admin 4 months ago

LIQUID

Actions
Copy link
 #3

Updated by Redmine Admin 4 months ago

  • Start date changed from 12/18/2024 to 02/18/2024
Actions
Copy link
 #4

Updated by Redmine Admin 4 months ago

  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF