[wp-trac] [WordPress Trac] #12682: Multiple password reset messages
WordPress Trac
wp-trac at lists.automattic.com
Tue Mar 23 15:51:16 UTC 2010
#12682: Multiple password reset messages
----------------------------+-----------------------------------------------
Reporter: SergeyBiryukov | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version: 2.9.2
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
There's a security flaw mentioned in #10006: an attacker can bother users
with password reset messages.
The problem was reported on Russian support forums by the user receiving
hundreds of such messages on his email address. He managed to solve it
himself.
He also proposed to introduce some kind of timeout for password resetting.
Is it possible?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12682>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list