Bypass rate limit on email confirmation

Low
indirect published GHSA-559f-r7wx-f4qv Jun 11, 2022

Package

bundler rubygems.org (RubyGems)

Affected versions

n/a

Patched versions

n/a

Description

Summary

It was possible to submit multiple confirmation_token values in a single email-verification request by passing an array in the query string. Example request: http://127.0.0.1:3000/email_confirmations/confirm?token[]=key1&token[]=key2. This could have been used to bypass our rate limit of 100 requests per 10 minutes, since one request carried several token guesses but was counted only once.

Impact

This made the confirmation_token slightly easier to guess. Even so, brute-forcing the confirmation token from a single IP would still have required more than a billion years.
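As an added illustration (example code, not rubygems.org code and not the change made in #3013), the Ruby below shows why an array parameter defeats a per-request rate limit and one way a confirmation endpoint can close the gap. The small `parse_query` helper mimics how Rack turns `token[]=a&token[]=b` into an array while `token=a` stays a string, `AttemptCounter` counts attempts per client IP, and the hardened handler refuses anything other than a single scalar token so that one request always costs exactly one guess. The parser, the `AttemptCounter` class, the handler names, and the sample valid token `key2` are constructed for this example; only the 100-attempt limit comes from the advisory.

```ruby
require "uri"

# Minimal stand-in for Rack's nested query parsing (constructed for this
# example): "token[]=a&token[]=b" becomes {"token" => ["a", "b"]} and
# "token=a" becomes {"token" => "a"}.
def parse_query(query)
  params = {}
  URI.decode_www_form(query).each do |key, value|
    if key.end_with?("[]")
      name = key[0...-2]
      (params[name] ||= []) << value
    else
      params[key] = value
    end
  end
  params
end

# Toy per-IP attempt counter standing in for a request rate limiter
# (e.g. 100 requests per 10 minutes, as in the advisory).
class AttemptCounter
  def initialize(limit)
    @limit = limit
    @counts = Hash.new(0)
  end

  # Returns false when the client has used up its allowance.
  def allow?(ip, cost = 1)
    return false if @counts[ip] + cost > @limit
    @counts[ip] += cost
    true
  end

  def count(ip)
    @counts[ip]
  end
end

# Constructed sample value; a real token would be a long random secret.
VALID_TOKEN = "key2".freeze

# Weak shape: the limiter charges one unit per request, but the handler then
# checks every element the parser returned, so N guesses cost one unit.
def confirm_unchecked(params, ip, limiter)
  return :rate_limited unless limiter.allow?(ip)
  tokens = Array(params["token"])
  tokens.include?(VALID_TOKEN) ? :confirmed : :invalid
end

# Hardened shape: reject anything other than a single non-empty string before
# touching the limiter or the token, so one request is always one guess.
def confirm_hardened(params, ip, limiter)
  token = params["token"]
  return :bad_request unless token.is_a?(String) && !token.empty?
  return :rate_limited unless limiter.allow?(ip)
  token == VALID_TOKEN ? :confirmed : :invalid
end

if __FILE__ == $PROGRAM_NAME
  ip = "127.0.0.1"
  array_params = parse_query("token[]=key1&token[]=key2")

  weak = AttemptCounter.new(100)
  puts "unchecked: #{confirm_unchecked(array_params, ip, weak)} (attempts charged: #{weak.count(ip)})"

  hard = AttemptCounter.new(100)
  puts "hardened, array: #{confirm_hardened(array_params, ip, hard)} (attempts charged: #{hard.count(ip)})"
  puts "hardened, scalar: #{confirm_hardened(parse_query("token=key2"), ip, hard)} (attempts charged: #{hard.count(ip)})"
end
```

The type check on `params["token"]` is the essential part: in a Rails controller the equivalent is to treat a non-String value as a bad request rather than letting `Array(...)` or a database lookup quietly accept whatever shape the query parser produced.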

Patches

Please check #3013 for details of the patch.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs