Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When disabled, login paths should be inaccessible #1738

Open
11 tasks
pglombardo opened this issue Dec 22, 2023 · 0 comments 路 May be fixed by #1962
Open
11 tasks

When disabled, login paths should be inaccessible #1738

pglombardo opened this issue Dec 22, 2023 · 0 comments 路 May be fixed by #1962
Labels
feature request security

Comments

@pglombardo
Copy link
Owner

pglombardo commented Dec 22, 2023
edited

馃悰 Bug Report

Reported by a community user via email:

It is possible to enumerate valid accounts within the application by attempting to sign up with an already used email address. Display 'We have sent you an email to validate your registration', validate registration if not registered, offer a password reset if already registered. :)

馃敩 How To Reproduce

Steps to reproduce the behavior:

  1. ...

Code sample

Environment

Where are you running/using Password Pusher?

  • pwpush.com
  • Docker Image
    • pwpush
    • custom image
  • Heroku
  • Digital Ocean
  • Microsoft Azure
  • Google Cloud
  • AWS
  • Source Code
  • Other (please specify)

If applicable, what version of Password Pusher?

Screenshots

馃搱 Expected behavior

馃搸 Additional context
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disable Login Routes when Logins are Disabled pglombardo/PasswordPusher
1 participant
@pglombardo