x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

Don't allow signin with newly created credentials #340

New Issue
Open
opened 2024-12-19 21:16:03 +00:00 by tim · 0 comments
tim commented 2024-12-19 21:16:03 +00:00
Owner
Copy Link

If sign in is allowed with newly created credentials without verifying the email first, emails can be leaked.
The Attacker could:

  1. Create an new account with victim email
  2. Try to sign in with the new account credentials
  3. If the sign in does not succeed, the attacker knows, that the victim email has an account on the platform
If sign in is allowed with newly created credentials without verifying the email first, emails can be leaked. The Attacker could: 1. Create an new account with victim email 2. Try to sign in with the new account credentials 3. If the sign in does not succeed, the attacker knows, that the victim email has an account on the platform
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
blocker
fun
medium
minor
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate tim
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: x/web-app-template#340
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?