Enumerate registered emails - /api/settings/sendEmailCode

# Summary

In the latest v6.0.0 version, the endpoint /api/settings/sendEmailCode has a logic issue. The error message indicates that the email has already been registered, and there are no security measures such as rate limiting or CSRF protection. This allows attackers to exploit this error message to brute-force registered users' emails, thereby leaking the email addresses of registered users.

# POC

<img width="1280" height="603" alt="Image" src="https://github.com/user-attachments/assets/83990a32-a907-47b5-848f-07c79b8283b7" />

<img width="1218" height="1280" alt="Image" src="https://github.com/user-attachments/assets/a8168af7-0e0b-4a99-8149-1c7dde3cbb93" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enumerate registered emails - /api/settings/sendEmailCode #202

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Enumerate registered emails - /api/settings/sendEmailCode #202

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions