[wp-trac] [WordPress Trac] #12682: Multiple password reset emails can be annoying (was: Multiple password reset messages)
WordPress Trac
noreply at wordpress.org
Sun Feb 9 04:55:21 UTC 2014
#12682: Multiple password reset emails can be annoying
-----------------------------+-----------------------
Reporter: SergeyBiryukov | Owner: dd32
Type: feature request | Status: accepted
Priority: normal | Milestone: 3.9
Component: Users | Version: 2.9.2
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-----------------------------+-----------------------
Changes (by SergeyBiryukov):
* milestone: Future Release => 3.9
Old description:
> There's a security flaw mentioned in #10006: an attacker can bother users
> with password reset messages.
>
> The problem was reported on Russian support forums by the user receiving
> hundreds of such messages on his email address. He managed to solve it
> himself.
>
> He also proposed to introduce some kind of timeout for password
> resetting. Is it possible?
New description:
There's a security flaw mentioned in #10006: an attacker can bother users
with password reset emails.
The problem was reported on support forums by a user receiving hundreds of
these emails. He proposed to introduce some kind of a timeout for password
reset requests. Is it possible?
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/12682#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list