Normal
Prerequisites

- At least one custom field is required to be filled out during registration

Steps to reproduce

1. Open the registration form
2. Using browser developer tools, remove attribute required from the required custom field
3. Enter a random gibberish username
4. Enter the email address to check
5. Fully complete the registration form and submit it
6. Examine the results

Result

An error message stating that the required custom field is missing.
If the email address is already in use there is also an error stating this.
This allows large amounts of emails to be checked for already having an account by repeating those steps.

Suggested Mitigation

CAPTCHA already helps (a bit) with this, but further mitigation seems to make sense

- Limit the amount of registration attempts a single IP address can make within a certain time (like login strikes)
- If there are multiple errors and the email address is already in use don't show this error but only the other errors
  - This slightly decreases usability but would IMHO be acceptable to harden the registration process
- Optionally fully ban an IP address if it exceeds X "email already in use" errors
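The three mitigations suggested in the report above, sketched together as an added example (not part of the original post and not the forum software's own code). The class name, error codes, thresholds and sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 600   # assumed window for counting attempts
MAX_ATTEMPTS = 5       # assumed registration attempts per IP per window
MAX_EMAIL_HITS = 3     # assumed "X": tolerated "email already in use" results per IP

class RegistrationGuard:
    def __init__(self, existing_emails, clock=time.monotonic):
        self.existing = {e.lower() for e in existing_emails}
        self.clock = clock
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.email_hits = defaultdict(int)  # ip -> "email already in use" count
        self.banned = set()

    def _throttled(self, ip):
        now = self.clock()
        recent = self.attempts[ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        recent.append(now)  # rejected attempts count too
        return len(recent) > MAX_ATTEMPTS

    def submit(self, ip, form):
        """Return the error codes the client is allowed to see."""
        if ip in self.banned:
            return ["banned"]
        if self._throttled(ip):
            return ["rate_limited"]
        # Server-side checks: the HTML "required" attribute is only a client hint.
        errors = [f"{field}_required"
                  for field in ("username", "custom_field") if not form.get(field)]
        if form.get("email", "").lower() in self.existing:
            self.email_hits[ip] += 1
            if self.email_hits[ip] > MAX_EMAIL_HITS:
                self.banned.add(ip)  # takes effect on the next request
            if not errors:  # reveal the collision only when it is the sole error
                errors.append("email_in_use")
        return errors

if __name__ == "__main__":
    guard = RegistrationGuard({"alice@example.test"})  # constructed sample account
    probe = {"username": "xkqz", "email": "alice@example.test", "custom_field": ""}
    print(guard.submit("203.0.113.5", probe))
```

A fully completed form still returns `email_in_use`, which is why the attempt limit and the ban accompany the error suppression rather than replace it.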