Impact
The signup and sign in forms are vulnerable to an email enumeration attack. Both forms return different responses for registered and unregistered email addresses. An attacker can use this to determine if a particular email address has an account.
Patches
The vulnerability is fixed in release v2.6.
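The difference between a response that reveals account existence and one that does not, as an added Python example; it is not this project's code or its v2.6 patch, and every name in it (`USERS`, `sign_in_leaky`, `sign_in_uniform`, `sign_up_uniform`, `leaks_existence`) is hypothetical. The last function is a regression check that compares the responses for a registered and an unregistered address.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: email -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so an unknown email costs the same hashing work as a known one.
_DUMMY = (os.urandom(16), os.urandom(32))

def sign_in_leaky(email, password):
    """The pattern the advisory describes: the response depends on whether the email exists."""
    if email not in USERS:
        return 404, "No account with this email"
    salt, stored = USERS[email]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password"
    return 200, "Signed in"

def sign_in_uniform(email, password):
    """Same status and body for an unknown email and for a wrong password."""
    salt, stored = USERS.get(email, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and email in USERS:
        return 200, "Signed in"
    return 401, "Invalid email or password"

def sign_up_uniform(email, password):
    """Always the same HTTP answer; the outcome is communicated by email only."""
    if email not in USERS:
        salt = os.urandom(16)
        USERS[email] = (salt, _hash(password, salt))
        # Assumption: a real application sends a confirmation link here.
    # Assumption: for an existing account it mails the owner a notice instead.
    return 202, "Check your inbox to continue"

def leaks_existence(handler, registered, unregistered):
    """Regression check: True if the two responses are distinguishable."""
    return handler(registered, "wrong-guess") != handler(unregistered, "wrong-guess")
```

The check compares status and body only; response timing and side channels such as password-reset forms need their own comparison.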
References
The original report at huntr.dev: https://huntr.dev/bounties/208a096f-7986-4eed-8629-b7285348a686/