Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Password reset spam bug
I'm running into a pretty serious problem on my forum right now where people have automated asking for a password reset and are firing off hundreds of password reset requests to everyone on the board.
Has anyone else run into this problem?
I think the best solution is to require the user to enter their email in order to get a password reset since that is private information. I am going to work on patching Vanilla today (or try to add an extension for this if possible)
0
This discussion has been closed.
Comments