rate limit password resets #13813

@Findus23

See also #13472 (comment)
followup to #13472 and #2888

Currently everyone can request an unlimited number of password requests, which causes an unlimited amount of password reset emails, which causes a mess in the inbox, overloads mail servers and may make it possible to let an attacker trick the user into accepting this request (#11071).
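
A sketch of the kind of limit the issue asks for, as an added example that is not part of the original issue and is not Matomo code: a sliding-window cap on password reset requests, counted per account and per client IP, with the same reply returned whether or not a mail goes out. The class and function names, the limits (3 per account and 10 per IP per hour) and the in-memory store are all assumptions.

```python
import time
from collections import defaultdict, deque

# Same reply whether or not mail was sent, so throttling reveals nothing.
GENERIC_REPLY = "If the account exists, a password reset email has been sent."


class ResetRequestLimiter:
    """Sliding-window limiter for password reset requests (hypothetical helper)."""

    def __init__(self, per_account=3, per_ip=10, window=3600, clock=time.monotonic):
        # Limits and window are assumed values, not taken from the issue.
        self.limits = {"account": per_account, "ip": per_ip}
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)  # (kind, key) -> times of accepted requests

    def _recent(self, bucket, now):
        q = self.hits[bucket]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        return len(q)

    def allow(self, account, ip):
        now = self.clock()
        # Normalise the login so "Alice " and "alice" share one bucket.
        buckets = [("account", account.strip().lower()), ("ip", ip)]
        if any(self._recent(b, now) >= self.limits[b[0]] for b in buckets):
            return False  # rejected requests are not recorded
        for b in buckets:
            self.hits[b].append(now)
        return True


def handle_reset_request(limiter, account, ip, send_mail):
    """Send at most `per_account` mails per window; always return the same reply."""
    if limiter.allow(account, ip):
        send_mail(account)
    return GENERIC_REPLY


if __name__ == "__main__":
    limiter, outbox = ResetRequestLimiter(), []
    for _ in range(50):  # constructed burst against one account
        handle_reset_request(limiter, "alice@example.org", "203.0.113.5", outbox.append)
    print(len(outbox), "mails sent for 50 requests")
```

The per-account cap also throttles the legitimate owner for the rest of the window, so the limit should stay high enough for normal use. A multi-process deployment would keep the counters in a shared store with expiry rather than in process memory.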

Labels

c: Security: For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

c: Usability: For issues that let users achieve a defined goal more effectively or efficiently.
