
Password reset request throttling/limit can be bypassed by going to another site
Closed, Duplicate · Public

Description

Imagine the following situation:

  • a) You request a password reset at dewiki
  • b) The request was made in abusive behaviour
  • c) You are trying to send another request
  • d) You receive the message that you are limited to one request every 24 hours
  • e) You try it at enwiki

and there, it works...

Happened today.
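The scoping problem reported above, as an added example that is not part of the original report and is not MediaWiki code: a throttle whose counter is keyed per site next to one keyed per account across all sites. `ResetThrottle`, `replay`, the `per_site` switch and the account name are hypothetical; the limit of one request per 24 hours is the one quoted in the report.

```python
import time


class ResetThrottle:
    """Allow `limit` password reset requests per `window` seconds per key."""

    def __init__(self, limit=1, window=24 * 3600, per_site=True):
        self.limit = limit
        self.window = window
        self.per_site = per_site  # hypothetical switch between the two scopings
        self._hits = {}  # key -> timestamps of requests that were allowed

    def _key(self, site, account):
        # Weak scoping: the counter is local to one site, so every other
        # site that shares the account starts with a fresh budget.
        # Hardened scoping: one counter per account across all sites.
        return (site, account) if self.per_site else ("*", account)

    def allow(self, site, account, now=None):
        now = time.time() if now is None else now
        key = self._key(site, account)
        # Keep only requests that are still inside the sliding window.
        recent = [t for t in self._hits.get(key, []) if now - t < self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self._hits[key] = recent
        return allowed


def replay(throttle, requests):
    """Run (site, account, timestamp) requests through the throttle."""
    return [throttle.allow(site, acct, now=ts) for site, acct, ts in requests]


# Constructed sample: the sequence from the report, plus a retry after 24 hours.
REQUESTS = [
    ("dewiki", "ExampleUser", 0),
    ("dewiki", "ExampleUser", 60),
    ("enwiki", "ExampleUser", 120),
    ("enwiki", "ExampleUser", 24 * 3600 + 1),
]

if __name__ == "__main__":
    print("per-site:", replay(ResetThrottle(per_site=True), REQUESTS))
    print("global:  ", replay(ResetThrottle(per_site=False), REQUESTS))
```

With the per-site key the third request (enwiki) is accepted even though dewiki just refused the same account; with the global key it is refused until the 24-hour window from the first request has passed.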

Event Timeline

Restricted Application added a subscriber: Aklapper. · Jun 4 2018, 6:23 AM
Aklapper renamed this task from Password reset limits can easily be bypassed to Password reset request throttling/limit can be bypassed by going to another site. · Jun 4 2018, 10:32 AM
Tgr changed the visibility from "Custom Policy" to "Public (No Login Required)". · Feb 28 2019, 1:58 AM