We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
The attacker can re-use a password reset link from an alredy removed e-mail address.
The previous generated password reset link was still valid after changing the email address of the account.
Medium
Hassan Jawaid for reporting the password reset link vulnerability.
Short Description
The attacker can re-use a password reset link from an alredy removed e-mail address.
Reporting Date
Details
The previous generated password reset link was still valid after changing the email address of the account.
Impact
Medium
References
❤ Thanks to
Hassan Jawaid for reporting the password reset link vulnerability.