[Security Bug - No need email confirmation] Create New Account with fake email adress, can directly sign in without email confirmation

[kreasindo513]

Issue Title : Create New Account with fake email adress, can directly sign in without email confirmation

Target URL : https://secure.newegg.com/identity/signup?tk=b767ea_fe733ed0f53445458cfdfea412e6312320263 Device: Laptop Operating System: Windows 10 Browser: Google Chrome

Steps to reproduce :

1. Create Account https://secure.newegg.com/identity/signup?tk=b767ea_fe733ed0f53445458cfdfea412e6312320263
2. Input the fake email address then sign up
3. Without email confirmation, directly sign in to website.

Actual result: I can't imagine, if one person can make a lot of fake users with fake email and fake orders

Expected results: The new member should confirmed their email address, before they can sign in.

Bug Type : Security Issue

Testing collateral: Video https://drive.google.com/file/d/1yEKWqXZxfLb-hC211CnO5vAX_kDy6Arw/view?usp=sharing

[draco-malfoy]

valid. no email confirmation is being sent to before being able to login with newly created account, triggering fake account creations

https://user-images.githubusercontent.com/46344490/128290179-698f0bac-c8b9-4f2e-80ed-e87c72fa7c15.mp4

.

Missing labels, probably Functional/security

[kreasindo513]

How to assign the label, this is my first QA challenge. Thank you

[draco-malfoy]

Hi @kreasindo513 on the right side there is labels section, please select suitable label which best suites the issue. also don't edit the issues once created, otherwise your issue will added to last of queue.

[kreasindo513]

I can not click/edit this label, when I click look like it's read only text not a link. I try edit the title with type of bug. Sorry, I should learn more in QA challenge tips, as of I edit the title it Will be change the number list

[codejamtc]

Submitter: 8 Points Challenger: 1 Points