Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
That is not how the forgot password function work. Leveraging this will never "lockout" a user.
email enumeration enabled leading to unauthorized login attempts and account lockout
Disclosed by xabit___- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date about 1 year ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by xabit___
disclose