I am using the SMS service to reset passwords through the SMS API and am able to receive the reset tokens successfully.
ISSUE:
I tried to limit the number of times a user can use the SMS option to reset their password, following the above-mentioned links, but the user is still able to get an unlimited number of tokens by just refreshing the SMS token submit page.
A solution would be to create a form token in the first screen, in a hidden field, then invalidate this token before sending the SMS. In this case a refresh would not resend the SMS as the form token won't be accepted again.
We need to implement this and be sure it does not cause regression.
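The single-use form token suggested above, as an added PHP example that is not the project's own code. The function names, the `sms_form_token` session key and the `$sendSms` callback are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: single-use form token guarding the "send SMS" step.
// $session stands in for $_SESSION; all names here are hypothetical.

function issue_form_token(array &$session): string
{
    // Unpredictable value, stored server-side and rendered into a
    // hidden field on the first screen.
    $token = bin2hex(random_bytes(32));
    $session['sms_form_token'] = $token;
    return $token;
}

function consume_form_token(array &$session, string $submitted): bool
{
    $expected = $session['sms_form_token'] ?? null;
    // Invalidate before any SMS is sent, so a replayed POST can never match,
    // even if the SMS call below is slow or fails.
    unset($session['sms_form_token']);
    return is_string($expected) && hash_equals($expected, $submitted);
}

function handle_sms_request(array &$session, string $submitted, callable $sendSms): bool
{
    if (!consume_form_token($session, $submitted)) {
        return false; // refresh or replay: no SMS goes out
    }
    $sendSms();
    return true;
}

// Constructed walk-through: the form is loaded once, then the same POST
// is submitted three times (the original submit plus two page refreshes).
$session = [];
$sent = 0;
$sendSms = function () use (&$sent) { $sent++; }; // placeholder for the SMS API call

$token = issue_form_token($session);
$results = [];
for ($i = 0; $i < 3; $i++) {
    $results[] = handle_sms_request($session, $token, $sendSms);
}

var_dump($results);       // per-request outcome
echo "SMS sent: $sent\n"; // how many times the SMS callback actually ran
```

Reloading the first screen still issues a fresh token, so the per-user limit on SMS attempts has to be enforced server-side as well.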
ltb_configuration.txt
This may be a bug