iFixit | Forgot Password Mechanism Works as a Spam Machine

19:34 Posted by Ali Hassan Ghori
1) Go to the Forgot Password webpage: https://www.ifixit.com/login/forgot_password
2) You will see an input text field where you can enter an e-mail address.

* Now repeat the above 2 steps and you can keep sending e-mails to the same address again and again. All you need to do is click Reset My Password many times.

"Attacker would automate HTTP requests and keep sending the e-mails" repeatedly. This could result in spamming: the attacker enters a target e-mail address, which might belong to anyone, and keeps sending bulk e-mails to it, which the customer will see as spamming, which is pathetic.
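The missing control here is a limit on reset e-mails per recipient address. The following is an added example, not iFixit's code: the class, the handler, the limits (3 mails per hour, 60 seconds between mails) and the in-memory store are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class ResetThrottle:
    """Limit password-reset e-mails per recipient address (sliding window)."""
    def __init__(self, max_mails=3, window=3600, cooldown=60, clock=time.monotonic):
        self.max_mails = max_mails   # assumed policy: at most 3 mails per window
        self.window = window         # window length in seconds (assumed: 1 hour)
        self.cooldown = cooldown     # assumed minimum gap between two mails
        self.clock = clock
        self._sent = defaultdict(deque)   # address -> timestamps of sent mails

    @staticmethod
    def _key(address):
        # Case and surrounding whitespace must not open a fresh bucket.
        return address.strip().lower()

    def allow(self, address):
        """Return True if a reset e-mail may be sent to this address now."""
        now = self.clock()
        sent = self._sent[self._key(address)]
        while sent and now - sent[0] >= self.window:
            sent.popleft()           # forget mails that left the window
        too_soon = bool(sent) and now - sent[-1] < self.cooldown
        if too_soon or len(sent) >= self.max_mails:
            return False
        sent.append(now)
        return True

def handle_forgot_password(throttle, address, send_mail):
    """Hypothetical handler: the reply is identical whether or not mail goes out."""
    if throttle.allow(address):
        send_mail(address)
    return "If the address is registered, a reset link has been sent."

def demo():
    """Constructed run: 50 clicks in 50 seconds, then 10 tries 2 minutes apart."""
    t = [0.0]
    throttle = ResetThrottle(clock=lambda: t[0])
    outbox = []
    for _ in range(50):
        handle_forgot_password(throttle, "Victim@example.com ", outbox.append)
        t[0] += 1
    first_burst = len(outbox)
    for _ in range(10):
        t[0] += 120
        handle_forgot_password(throttle, "victim@example.com", outbox.append)
    return first_burst, len(outbox)
```

In a multi-server deployment the counters would live in a shared store rather than process memory, and a per-client limit would sit alongside this per-recipient one.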