Email Validation Bypass via Dot Character
A vulnerability in versions <=v1.2.11 allows attackers to create multiple accounts using variations of the same email address by inserting dot characters. This issue was patched in a subsequent release.
Available publicly on Jun 16 2024
Threat Overview
The vulnerability arises from improper email validation, allowing attackers to create multiple accounts using the same email address with variations that include dot characters. This can lead to account duplication and potential abuse of the system, as the server fails to recognize these variations as the same email address.
Attack Scenario
An attacker registers an account with the email attacker123@gmail.com. They then register another account with the email attacker.123@gmail.com. Due to the improper email validation, the system treats these as two distinct accounts, allowing the attacker to bypass restrictions and potentially exploit the system.
Who is affected
Users of the software version <=v1.2.11 are affected, particularly those relying on email-based account creation and validation.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have 436 related security advisories that are available with Sightline Premium.