
SoftPos #8

open

Email enumeration using forget password

Added by Redmine Admin 4 months ago. Updated 4 months ago.

Status: New
Priority: Low
Category: Re Test
Start date: 02/18/2024
Due date:
% Done: 100%
Estimated time:

Description

The forget password feature is vulnerable to email enumeration, allowing an unauthenticated user to
get all email addresses registered on the system. This vulnerability exists because the server
response when an email is not registered differs from the response when an email is registered.
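
As an added illustration (not code from the SoftPos application or from this ticket), the sketch below contrasts a handler that behaves as described above with one that returns the same response for every address, plus a regression check for the fix. The user store, response messages and function names are assumptions.

```python
import secrets

# Constructed sample data standing in for the application's user table.
REGISTERED = {"alice@example.com"}
OUTBOX = []  # (address, token) pairs for reset e-mails that would be sent

# Single response used for every request, registered or not (assumed wording).
GENERIC = (200, "If that address is registered, a reset link has been sent.")


def forgot_password_leaky(email):
    """Behaviour described in the issue: the reply depends on registration."""
    normalized = email.strip().lower()
    if normalized not in REGISTERED:
        return (404, "No account found for this email address.")
    OUTBOX.append((normalized, secrets.token_urlsafe(32)))
    return (200, "A password reset link has been sent.")


def forgot_password_uniform(email):
    """Same status and body for every address; only the side effect differs."""
    normalized = email.strip().lower()
    if normalized in REGISTERED:
        OUTBOX.append((normalized, secrets.token_urlsafe(32)))
    return GENERIC


def responses_differ(handler, known, unknown):
    """Regression check: True if the handler distinguishes the two addresses."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    known, unknown = "alice@example.com", "nobody@example.com"
    print("leaky handler distinguishes:", responses_differ(forgot_password_leaky, known, unknown))
    print("uniform handler distinguishes:", responses_differ(forgot_password_uniform, known, unknown))
```

A re-test should also compare response time for registered and unregistered addresses, since sending the e-mail inline can reintroduce the difference; queuing the send and rate limiting the endpoint address that.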
