https://bugzilla.wikimedia.org/show_bug.cgi?id=34590
--- Comment #30 from Platonides <[email protected]> 2012-06-08 21:03:47 UTC --- What to do with an email-revealing attack where Eve changes his email to the testing one, and then tries to login with that email to verify if it's rejected, and thus there's another user with that email? It would be very noisy for email-enabled wikis, though. An alternative could be to deny login for emails shared by multiple accounts. That's a denial of service when you don't remember your username or are trapped in a foreign keyboard, but seems marginal. Moreover, the 'attacked' one can easily get control of the accounts... -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
