Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Password reset spam bug

edited March 2008 in Vanilla 1.0 Help
I'm running into a pretty serious problem on my forum right now where people have automated asking for a password reset and are firing off hundreds of password reset requests to everyone on the board. Has anyone else run into this problem? I think the best solution is to require the user to enter their email in order to get a password reset since that is private information. I am going to work on patching Vanilla today (or try to add an extension for this if possible)

Comments

  • or modify the captcha extension to also work on the password reset form.
This discussion has been closed.