-
Defect
-
Resolution: Duplicate
-
Minor
-
1.0.0-RC6
-
None
The URL that a newly registered User must visit to finish the registration process is quite easy to guess after a User has registered once.
The parameter in the URL that distinguishes the User is their username, and once a User registers they should be able to figure out the pattern and then easily make new accounts and confirm those accounts without ever receiving the confirmation email.
I'm not sure how people could/would exploit this, but I'm sure someone could figure something out...
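An added example, not code from this project or from the reporter: the guessable link pattern described above next to a confirmation link that carries a random, single-use, expiring token. The `/confirm?user=` URL shape, the `PendingConfirmations` class and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed validity window, in seconds


def guessable_link(username):
    # Pattern from the report: the username alone identifies the account,
    # so anyone who has seen one link can construct the link for any other.
    return f"/confirm?user={username}"


class PendingConfirmations:
    """Server-side store of single-use, expiring confirmation tokens."""

    def __init__(self):
        self._pending = {}  # username -> (SHA-256 of token, expiry time)

    def issue(self, username, now=None):
        """Create a link for the confirmation mail; re-issuing replaces the old token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a leaked store does not yield usable links.
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, now + TOKEN_TTL)
        return f"/confirm?user={username}&token={token}"

    def confirm(self, username, token, now=None):
        """Return True only for the current, unexpired token of this username."""
        now = time.time() if now is None else now
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires = entry
        supplied = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if now > expires or not hmac.compare_digest(digest, supplied):
            return False
        del self._pending[username]  # single use
        return True
```

Because `issue` overwrites the stored entry, sending a new confirmation mail invalidates the link from the earlier one.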
- relates to
-
GTWY-333 Add Resend Confirmation Mail Behavior
- Done