HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
Password reset spam bug
I'm running into a pretty serious problem on my forum right now where people have automated asking for a password reset and are firing off hundreds of password reset requests to everyone on the board. Has anyone else run into this problem? I think the best solution is to require the user to enter their email in order to get a password reset since that is private information. I am going to work on patching Vanilla today (or try to add an extension for this if possible)
This discussion has been closed.