Is the lack of mail confirmation a vulnerability?
It seems to me that this is a vulnerability, since the email entered by the user during registration is not reliable until he confirms it. But on the other hand, how serious are the consequences? What are the attack vectors? Will they just take someone else's email, so that the real owner will not be able to register? Or could it be worse?
It all depends on the application and its curvature.
There is no vulnerability in non-confirmation of mail. You are right about spam registrations. But this is more or less solved by captcha.
I have seen many services that do not immediately ask you to confirm your email. Prominent examples are reg.ru (domain registrar) and DDoS-Guard (DDoS protector).