[keycloak-user] Password Reset Email - Security Risk
Vinay
vinayatoz at gmail.com
Mon May 28 12:50:26 EDT 2018
Hi,
When using the password reset function, an email is sent to the user in order to
change the password. There is no limitation on the number of password change
requests a user can make, and a malicious user could generate a number of
requests and hence as many emails to the victim's email inbox. This is a
potential security risk.
Is there a way to stop this?
-Vinay
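
One way to bound the email volume described in the post above, as an added example that is not part of the original message and is not Keycloak code: a sliding-window cap keyed on the target address. The names `ResetEmailThrottle` and `handle_reset_request` and the limits (3 emails per hour) are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class ResetEmailThrottle:
    """Sliding-window cap on reset emails per target address (hypothetical helper)."""

    def __init__(self, max_emails=3, window_seconds=3600, clock=time.monotonic):
        self.max_emails = max_emails      # assumed limit, tune per deployment
        self.window = window_seconds
        self.clock = clock                # injectable so the window can be tested
        self._sent = defaultdict(deque)   # normalized address -> send timestamps

    @staticmethod
    def _key(address):
        # Key on the recipient, not the requester: the requests can come from
        # any number of clients, but they all land in one inbox.
        return address.strip().lower()

    def allow(self, address):
        """Return True if a reset email may be sent to this address now."""
        now = self.clock()
        sent = self._sent[self._key(address)]
        while sent and now - sent[0] >= self.window:
            sent.popleft()                # drop sends that aged out of the window
        if len(sent) >= self.max_emails:
            return False
        sent.append(now)
        return True

def handle_reset_request(throttle, address, send_email):
    """Send only while under the cap; the caller always gets the same answer."""
    if throttle.allow(address):
        send_email(address)
    # Same response either way, so the cap does not disclose whether mail was
    # sent or whether the account exists.
    return "If the account exists, a reset email has been sent."

def demo():
    # Constructed scenario: 10 requests in one minute, then one after the window.
    now, outbox = [0.0], []
    throttle = ResetEmailThrottle(3, 3600, clock=lambda: now[0])
    for i in range(10):
        now[0] = i * 6.0
        handle_reset_request(throttle, " Victim@Example.com ", outbox.append)
    burst = len(outbox)
    now[0] = 3612.0
    handle_reset_request(throttle, "victim@example.com", outbox.append)
    return burst, len(outbox)
```

The per-address state here lives in process memory; a deployment with several nodes would need a shared store for the counters.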