Hi,
if you go to the login page of Odoo 13 click on reset password. and enter a mail address which is not valid you get an error message invalid email. If you enter a correct email address you get a different message.
This can be easily exploited by bruteforcing a list of emails to get an email registered at the Odoo app.
Is there a way to fix it?
kind regards
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- 客戶關係
- e-Commerce
- 會計
- 庫存
- PoS
- Project
- MRP
此問題已被標幟
3128
瀏覽次數
| 相關帖文 | 回覆 | 瀏覽次數 | 活動 | |
|---|---|---|---|---|
|
1
4月 25
|
1882 | ||
|
0
12月 24
|
1584 | ||
|
1
9月 24
|
1374 | ||
|
3
5月 24
|
2200 | ||
|
1
2月 24
|
4248 |
