catolab
2 months ago
Comet
Potential for abuse of the password reset link with https://cc2.catonetworks.com/forgotAdminPassword
Hi, this is Cato Lab from South Korea.
Our customer raised a question.
- Is there any way to prevent malicious actors from repeatedly entering an email address to trigger password reset emails, potentially spamming or annoying administrators?
Their concern is that someone could misuse the reset link mechanism to repeatedly send reset emails, causing inconvenience to the administrators or account owners.
Does Cato have any existing protections or recommended best practices to mitigate this type of abuse?
It would be really helpful if you guys know of any type of protection behavior for administrators regarding the use of this webpage.
Thanks,
Best Regards,
Cato Lab.