What is No Rate Limiting on Form Change Password Vulnerability?

This vulnerability arises when the change-password or password-reset function applies no rate limiting. Because the endpoint accepts unlimited requests, an attacker can use it to enumerate valid user accounts and then brute-force those users' credentials on the login screen. When a user requests a password reset and the function is not rate limited, the attacker can also trigger it repeatedly and flood the victim's email account with reset messages.

In short, this vulnerability allows user enumeration, and attackers may abuse the associated email and SMS services to launch flooding attacks.
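The mitigation is to throttle the reset endpoint and to answer identically whether or not the address is registered. The handler below is an added example, not code from this page or from ZOFixer; it uses a constructed user store, a hypothetical `request_password_reset` function and a sliding-window limiter keyed both by client address and by target mailbox:

```python
import time
from collections import defaultdict, deque

# Constructed sample user store; a real application reads its account database.
KNOWN_USERS = {"alice@example.com", "bob@example.com"}

class SlidingWindowLimiter:
    """Allow at most `limit` events per `key` within `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.events[key]
        while q and now - q[0] > self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

# A budget per client address, plus a much tighter budget per target mailbox,
# so one victim cannot be flooded even from many source addresses.
PER_IP = SlidingWindowLimiter(limit=10, window=3600)
PER_EMAIL = SlidingWindowLimiter(limit=3, window=3600)

GENERIC_MSG = "If an account exists for that address, a reset link has been sent."

def request_password_reset(email, client_ip, now=None, outbox=None):
    """Return (http_status, message, email_sent) for one reset request."""
    email = email.strip().lower()
    # The per-mailbox counter is applied to unknown addresses too, so the
    # throttling behaviour itself does not reveal which accounts exist.
    if not PER_IP.allow(client_ip, now) or not PER_EMAIL.allow(email, now):
        return 429, GENERIC_MSG, False
    sent = False
    if email in KNOWN_USERS:
        if outbox is not None:
            outbox.append(email)  # stands in for the actual mail send
        sent = True
    # Same message for known and unknown addresses: no enumeration oracle.
    return 200, GENERIC_MSG, sent

if __name__ == "__main__":
    for i in range(5):  # fourth and fifth requests for the same mailbox are throttled
        print(request_password_reset("Alice@example.com", "198.51.100.1", now=1.0 + i)[::2])
```

The response message (and, in production, the response time) must be the same on both branches; the limiter only keeps the fourth and later requests in an hour from reaching the mail service.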

The ZOFixer.com security scan helps find this vulnerability in your software and server; you can use it by registering on our website and activating the 30-day trial.
