User able to change email with no verification - potential lockout risk with no reset option #1064
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Severity - (Medium)
Weakness - Violation of Secure Design Principles
Description
User is able to navigate to account settings and change email to any email in a proper email format (i.e. [email protected]). After clicking 'Save' and submitting the form, this email is now saved as their account email. Subsequently, there is no additional email verification needed unlike when a User signs up. This introduces a potential risk to the user in that they may be locked out of their account with no way to reset their password if the 'new' email is entered incorrectly. Based on the current design the 'updateUser' fuction called on submit here: https://github.com/tidepool-org/blip/blob/develop/app/redux/actions/async.js does not consist of any verification for any updates. At minimum, there should be a verification step when changing email
Steps To Reproduce:-
Example
Original email - gmail.com used
Saved email that is a 'typo' - gmail.cb is not a valid email host
Logging in with original email does not work
Logging in with this 'typo' email does - with no verification step
The text was updated successfully, but these errors were encountered: