@Findus23 opened this Issue on December 8th 2018 Member

See also https://github.com/matomo-org/matomo/pull/13472#issuecomment-443685080
followup to #13472 and #2888

Currently everyone can request an unlimited number of password requests which causes an unlimited amount of password reset emails which causes a mess in the inbox, overloads mailservers and may make it possible to let an attacker trick the user in accepting this request (https://github.com/matomo-org/matomo/issues/11071)

This Issue was closed on July 17th 2019
Powered by GitHub Issue Mirror