The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Reset Password is vulnerable
#1
The reset password form is easily vulnerable with the reset password link, people can run a script to spam random numbers as the vericode in the URL and once they get the correct one can change someone elses password, is there a way to have vericode only work when someone requests reset password and it'll only be valid for around 15 minutes, along with making it an actual secure phrase instead of a verification number.
  Reply


Messages In This Thread
Reset Password is vulnerable - by Jamie - 05-18-2017, 09:46 PM
Reset Password is vulnerable - by Brandin - 05-25-2017, 05:39 PM
Reset Password is vulnerable - by faguss - 06-19-2017, 11:25 PM
Reset Password is vulnerable - by mudmin - 06-20-2017, 11:21 AM
Reset Password is vulnerable - by karsen - 07-10-2017, 07:15 PM

Forum Jump:


Users browsing this thread: 2 Guest(s)