Reset form should include Recaptcha - Githubissues

hasgeek / lastuser

Lastuser has been merged into Funnel. This repository is archived.

https://hasgeek.com/

BSD 2-Clause "Simplified" License

166 stars 30 forks source link

Reset form should include Recaptcha #191

Closed jace closed 5 years ago

jace commented 7 years ago

The password reset form is an abuse vector, so it should include Recaptcha.

jace commented 5 years ago

The add email and phone forms also send communications to unverified destinations and therefore need Recaptcha protection.