Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Email harvesting when registering with existing email address #19

Open
akamicah opened this issue Dec 22, 2022 · 0 comments
Open

Email harvesting when registering with existing email address #19

akamicah opened this issue Dec 22, 2022 · 0 comments
Labels
High Priority Security Concern

Comments

@akamicah
Copy link
Owner

When trying to register with an existing email address, the response (par v1) is to return an 'Email Address Registered' error. This needs to be changed to a password reset, and responses for both registration and password reset respond a generic 'Check your email' message to prevent email address harvesting
@akamicah akamicah added V2 Feature Request Requested features to be implemented in API v2 Security Concern labels Dec 22, 2022
@akamicah akamicah changed the title Trying to register with existing email address Email harvesting when registering with existing email address Dec 22, 2022
@akamicah akamicah added High Priority and removed V2 Feature Request Requested features to be implemented in API v2 labels Jan 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
High Priority Security Concern
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@akamicah