Lack of Password Confirmation

Severity:

Low

How to test:

  1. A password confirmation should be generated and current password requested for atleast the following items:

    1. Change password

    2. Change primary email

    3. Change 2FA

    4. Delete Account

    5. Add Account

    6. Change membership etc.

PreviousAuthentication BypassNext2FA Code Brute-forceable

Last updated