ppau / project-m

Something secret but not really.
GNU General Public License v3.0

Find a solution to email enumeration problem #74

Open Doddzy opened 8 years ago

Doddzy commented 8 years ago

Emails of signed-up users can potentially be enumerated via us not allowing duplicates. This can be an issue and should be investigated to find a solution.

More info: If you attempt to sign up as test@gmail.com and the account creation fails, you then know that this user is in the database. Even if there's no message explicitly saying so, the error would clearly indicate that. Using this, people can generate a list of members in our db.

bbqsrc commented 8 years ago

Allow three duplicates from one IP then ban it. :smile:
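An added example to make the two points above concrete; it is not project-m code. It models a signup handler whose response differs when the address already exists (the oracle described in the issue), the uniform-response variant where the caller gets the same reply either way and the real outcome is delivered to the mailbox that owns the address, and a per-IP duplicate limit in the spirit of the "allow three, then ban" suggestion. `Registry`, `MailOutbox`, the `signup_*` functions and `enumerate_with` are names assumed for the illustration, and the in-memory store and recorded outbox are constructed stand-ins.

```python
# Added example (not project-m code): a signup handler that leaks whether an
# email is registered, the uniform-response version that does not, and a
# per-IP duplicate limit in the spirit of the "ban after three" suggestion.
# Registry, MailOutbox, signup_* and enumerate_with are names assumed here.
from collections import defaultdict


class MailOutbox:
    """Constructed stand-in for the mailer: records messages instead of sending."""

    def __init__(self):
        self.sent = []

    def send(self, to, subject):
        self.sent.append((to, subject))


class Registry:
    def __init__(self):
        self.users = {}                       # normalised email -> credential (toy)
        self.outbox = MailOutbox()
        self.dup_attempts = defaultdict(int)  # ip -> duplicate-email signups seen
        self.banned = set()

    @staticmethod
    def normalise(email):
        return email.strip().lower()

    def signup_leaky(self, email, password):
        """Vulnerable: success and failure are distinguishable in the response,
        so each call answers "is this address registered?" for the caller."""
        key = self.normalise(email)
        if key in self.users:
            return {"ok": False, "error": "email already registered"}
        self.users[key] = password
        self.outbox.send(key, "Verify your address")
        return {"ok": True}

    def signup_uniform(self, email, password):
        """Hardened: the caller gets the same response either way; the real
        outcome goes only to the inbox that owns the address."""
        key = self.normalise(email)
        if key in self.users:
            self.outbox.send(key, "Someone tried to register with your address")
        else:
            self.users[key] = password
            self.outbox.send(key, "Verify your address")
        return {"ok": True, "message": "Check your inbox to continue."}

    def signup_throttled(self, ip, email, password, limit=3):
        """Uniform response plus the per-IP limit from the thread: after `limit`
        duplicate-email signups from one IP, further signups are refused.
        This slows a single-source sweep; it does not remove the oracle by itself."""
        if ip in self.banned:
            return {"ok": False, "error": "blocked"}
        if self.normalise(email) in self.users:
            self.dup_attempts[ip] += 1
            if self.dup_attempts[ip] >= limit:
                self.banned.add(ip)
        return self.signup_uniform(email, password)


def enumerate_with(oracle, candidates):
    """Attacker's loop: an address counts as registered when the oracle rejects it."""
    return [e for e in candidates if not oracle(e, "x")["ok"]]


if __name__ == "__main__":
    r = Registry()
    r.signup_leaky("alice@example.com", "pw")
    print(enumerate_with(r.signup_leaky, ["alice@example.com", "bob@example.com"]))
    # ['alice@example.com']  (and bob@example.com was silently created)
```

The uniform handler closes the oracle in the response body only; the same discipline has to hold for status codes, response timing (hashing a password on only one branch is measurable), and the other flows that touch the user table, such as login failures and password reset. The IP ban is a rate limit, so an attacker who rotates source addresses is slowed rather than stopped.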