Description

The application does not control that server-side emails used to register users do not belong to disposable mailboxes such as yopmail.

Impact

Reset passwords for registered users with disposable mailboxes.

Recommendation

Implement a blacklisting system with disposable mailbox domains or implement federated authentication.

Threat

Anonymous attacker from the Internet using enumerated users.

Expected Remediation Time

⏱️ 120 minutes.

Requirements

Fixes