rate limit password resets #13813
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
c: Usability
For issues that let users achieve a defined goal more effectively or efficiently.
See also #13472 (comment)
Follow-up to #13472 and #2888.
Currently everyone can request an unlimited number of password requests, which causes an unlimited number of password reset emails, which causes a mess in the inbox, overloads mail servers and may make it possible for an attacker to trick the user into accepting this request (#11071).
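
One way to bound the number of reset emails, shown as an added example that is not Matomo's code: a sliding-window limiter keyed on the target login as well as the requester IP, so requests spread over many addresses still cannot flood one inbox. The class name, the limits and the in-memory store are assumptions.

```python
import hashlib
from collections import defaultdict


class PasswordResetLimiter:
    """Sliding-window limit on reset emails, per target account and per requester IP.

    Hypothetical helper; the limits and the in-memory store are assumptions.
    A real deployment would keep the counters in a shared store.
    """

    def __init__(self, max_per_account=3, max_per_ip=10, window_seconds=3600):
        self.max_per_account = max_per_account
        self.max_per_ip = max_per_ip
        self.window_seconds = window_seconds
        self._hits = defaultdict(list)  # key -> timestamps inside the window

    def _recent(self, key, now):
        cutoff = now - self.window_seconds
        self._hits[key] = [t for t in self._hits[key] if t > cutoff]
        return len(self._hits[key])

    def allow(self, login, ip, now):
        """Return True if a reset email may be sent; record the attempt."""
        # Key on the target account as well as the requester: the flooded
        # inbox belongs to the account, whichever address the requests use.
        normalized = login.strip().lower().encode()
        account_key = "acct:" + hashlib.sha256(normalized).hexdigest()
        ip_key = "ip:" + ip
        account_ok = self._recent(account_key, now) < self.max_per_account
        ip_ok = self._recent(ip_key, now) < self.max_per_ip
        # Refused attempts still count against the IP, so hammering stays limited.
        self._hits[ip_key].append(now)
        if account_ok and ip_ok:
            self._hits[account_key].append(now)
            return True
        return False


def demo():
    """Constructed input: five requests for one account from five addresses."""
    limiter = PasswordResetLimiter()
    start = 1_700_000_000
    results = [limiter.allow("Alice", f"203.0.113.{i}", start + i * 60)
               for i in range(1, 6)]
    # An hour after the first accepted request, one slot has freed up.
    results.append(limiter.allow("alice ", "203.0.113.9", start + 3700))
    return results


if __name__ == "__main__":
    print(demo())
```

The caller should show the same confirmation page whether or not `allow` returned True, so the limit itself does not reveal anything about the account.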