The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!
UserSpice   ›   Support Center   ›   UserSpice 4.3 and Below   ›   Reset Password is vulnerable

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Reset Password is vulnerable
Jamie
User
Joined: Apr 2017
Posts: 26

Reputation: 0
#1
05-18-2017, 09:46 PM
The reset password form is easily vulnerable with the reset password link, people can run a script to spam random numbers as the vericode in the URL and once they get the correct one can change someone elses password, is there a way to have vericode only work when someone requests reset password and it'll only be valid for around 15 minutes, along with making it an actual secure phrase instead of a verification number.
  Reply


Messages In This Thread
Reset Password is vulnerable - by Jamie - 05-18-2017, 09:46 PM
Reset Password is vulnerable - by Brandin - 05-25-2017, 05:39 PM
Reset Password is vulnerable - by faguss - 06-19-2017, 11:25 PM
Reset Password is vulnerable - by mudmin - 06-20-2017, 11:21 AM
Reset Password is vulnerable - by karsen - 07-10-2017, 07:15 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)