A vulnerability has been brought to the attention of one of our security personnel by an ethical hacker.
This security officer suggests adding a captcha to the OJS password reset form in order to prevent lack of rate limiting, which possibly leads to spamming.
Hi @pverberne,
Could you send me a private message with further details – for example, is this a DOS attack or something else?
Regards,
Alec Smecher
Public Knowledge Project Team
Hi all,
I’ve filed this for addition to a future release:
Regards,
Alec Smecher
Public Knowledge Project Team