HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Password reset spam bug

edited March 2008 in Vanilla 1.0 Help
I'm running into a pretty serious problem on my forum right now where people have automated asking for a password reset and are firing off hundreds of password reset requests to everyone on the board. Has anyone else run into this problem? I think the best solution is to require the user to enter their email in order to get a password reset since that is private information. I am going to work on patching Vanilla today (or try to add an extension for this if possible)


  • or modify the captcha extension to also work on the password reset form.
This discussion has been closed.