Hi,
if you go to the login page of Odoo 13 click on reset password. and enter a mail address which is not valid you get an error message invalid email. If you enter a correct email address you get a different message.
This can be easily exploited by bruteforcing a list of emails to get an email registered at the Odoo app.
Is there a way to fix it?
kind regards
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Comptabilitat
- Inventari
- PoS
- Project
- MRP
This question has been flagged
3316
Vistes
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Registrar-se| Related Posts | Respostes | Vistes | Activitat | |
|---|---|---|---|---|
|
2
de set. 25
|
2956 | ||
|
1
de set. 25
|
480 | ||
|
1
d’abr. 25
|
2060 | ||
|
0
de des. 24
|
1921 | ||
|
1
de set. 24
|
1567 |
