Redmine - Defect #12106: Users can easily use any (not yet used) email address for their account (potential security issue)
https://www.redmine.org/issues/12106?journal_id=42023 2012-10-15T19:22:24Z Anonymous
<p>And just to demo the problem... Hi, I am of <em>course</em> not Bill Gates... Feel free to delete this account.</p>
https://www.redmine.org/issues/12106?journal_id=42024 2012-10-15T20:39:18Z Terence Mill
<p>+1</p>
https://www.redmine.org/issues/12106?journal_id=42025 2012-10-15T21:09:59Z William Roush
<ul></ul><p>Bill Gates wrote:</p>
<blockquote>
<p>And just to demo the problem... Hi, I am of <em>course</em> not Bill Gates... Feel free to delete this account.</p>
</blockquote>
<p>Nice try, but we're still not buying Team Foundation Server</p>
<p>+1</p>
https://www.redmine.org/issues/12106?journal_id=42026 2012-10-15T21:33:26Z Anonymous
<p>Just to clarify, when I wrote "and using the same code as during registration" what I meant was "and using the same authentication code scheme as during registration" -- of course the actual code / hash key being used should not be the same!</p>
<p>Ah, and also sorry for all those embarrassing typos and cut&paste artifacts, but I hope that the overall idea is understandable.</p>
https://www.redmine.org/issues/12106?journal_id=42506 2012-10-30T13:54:56Z Nicolas Brisac
<p>+1</p>
https://www.redmine.org/issues/12106?journal_id=46688 2013-03-15T13:41:04Z Anonymous
<p>Note: my "fake Bill Gates" has been deleted, but before that, the first comment was looking as if it was by a user named "Bill Gates" with email address "<a class="email" href="mailto:bill@microsoft.com">bill@microsoft.com</a>".</p>
https://www.redmine.org/issues/12106?journal_id=78336 2017-05-03T11:30:09Z Go MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/12855">Feature #12855</a>: Sometime,we need limit register email address</i> added</li></ul>