zpanel / zpanelx

ZPanel is a web hosting control panel written in PHP for Windows and *NIX host OS's.
http://www.zpanelcp.com

Forgot password sends email to any mail #202

Closed zabounis closed 10 years ago

zabounis commented 10 years ago

I noticed that if someone clicks "Forgot Password" and enters an email that does not exist in the clients table emails, the system sends an email with a password reset link. This can happen even if no username is placed in the form or even if a wrong username is entered. This can become a threat if someone creates a script that uses the forgot password feature for sending mails repeatedly and can load the mail server.

jacobgelling commented 10 years ago

There's a heap of issues with the password reset. I've noticed there is no error if the password is too short but it appears as if it is ok and takes you back to the login screen.
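The checks the two reports above are asking for, as an added example rather than ZPanel's own code: a forgot-password handler that only mails addresses present in the `clients` table, answers every request identically, and throttles repeat requests per source IP, plus a minimum-length check for the new password. The `reset_tokens` table, the `$db` PDO handle, the panel URL and the numeric limits are assumptions.

```php
<?php
// Added illustration, not ZPanel code. Assumes a PDO handle $db, a `clients`
// table with an `email` column, and a hypothetical `reset_tokens` table
// (email, token_hash, expires).
function requestPasswordReset(PDO $db, string $email, string $clientIp): string {
    // Same message for every outcome, so the form never reveals whether an
    // address is registered and never pretends a mail went out when it did not.
    $response = 'If that address is registered, a reset link has been sent.';

    // Throttle per source address before touching the mailer, so a script
    // hammering the form cannot load the mail server (5 requests per hour).
    $bucket = sys_get_temp_dir() . '/reset_' . md5($clientIp);
    $fresh  = is_file($bucket) && filemtime($bucket) > time() - 3600;
    $hits   = $fresh ? (int) file_get_contents($bucket) : 0;
    if ($hits >= 5) {
        return $response;
    }
    file_put_contents($bucket, (string) ($hits + 1));

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return $response;
    }

    // Only send when the address actually exists in the clients table.
    $stmt = $db->prepare('SELECT 1 FROM clients WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    if (!$stmt->fetchColumn()) {
        return $response;
    }

    // Random single-use token; store only its hash, with a 30-minute expiry.
    $token = bin2hex(random_bytes(32));
    $ins = $db->prepare('INSERT INTO reset_tokens (email, token_hash, expires) VALUES (?, ?, ?)');
    $ins->execute([$email, hash('sha256', $token), time() + 1800]);

    $link = 'https://panel.example.com/reset?token=' . $token; // placeholder host
    mail($email, 'Password reset', "Use this link within 30 minutes: $link");
    return $response;
}

// Reject a too-short password explicitly instead of silently returning to
// the login screen; returns an error string or null when acceptable.
function validateNewPassword(string $password, int $minLength = 10): ?string {
    if (strlen($password) < $minLength) {
        return "Password must be at least $minLength characters.";
    }
    return null;
}
```

The caller should show the string `validateNewPassword()` returns and stay on the form when it is non-null, rather than redirecting as if the change succeeded.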

vasicvuk commented 10 years ago

Yes. If you type the correct email the screen will go blank and the mail won't be sent, and if you type any email address it will return to the login screen. The same blank screen appears when you create a new client (screen goes blank): the client is created but the email is not sent. Maybe it is some if-statement problem, because when it is ok it goes to a blank page, and when it is not, the panel acts like everything is ok.

poppabear8883 commented 10 years ago

I would say that this is a critical issue that needs to be fixed a.s.a.p.

Thanks Devs

satdav commented 10 years ago

Can I suggest we also add reCAPTCHA?

jacobgelling commented 10 years ago

In my tests this bug seems to be non-existent...

People might be mistaken to think it sends an email to anyone, as no error is given.