Captcha Bypass in Coinbase SignUp Form
Low
Vulnerability Details
Vulnerability description:
The g-recaptcha-response is not validated on the server side when the Signup form is submitted to the endpoint. Any value, or no value at all, can be provided for this header.
Steps to reproduce:
1. Go to https://www.coinbase.com/signup
2. Fill in the input fields and solve the captcha.
3. Turn on Burp, submit the form and capture the request.
4. Remove the g-recaptcha-response value and forward the request.
Impact:
Fake accounts can be created. Username enumeration can also be performed, because no application will allow two accounts to use the same email.
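The missing check is a server-side call to the reCAPTCHA verification service before any account logic runs. The following is an added example of that check, not Coinbase's code or anything from the report; the HTTP call is injected as a callable so it runs offline, and the secret, hostname and the two fake verification responses are constructed placeholders.

```python
"""
Server-side validation of the g-recaptcha-response token: the check whose
absence this report describes. Added example, not Coinbase code.

Assumption: the POST to the verification endpoint is injected as a callable
(url, form fields) -> response body, so the logic can be exercised offline.
"""
import json
from typing import Callable, Dict, Optional

# Google's server-side verification endpoint for reCAPTCHA tokens.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

# Placeholder: the real secret belongs in server configuration, never in the client.
RECAPTCHA_SECRET = "PLACEHOLDER_SECRET"

# Assumed hostname the form is served from; the verification response echoes
# the hostname on which the captcha was actually solved.
EXPECTED_HOSTNAME = "www.coinbase.com"

PostFn = Callable[[str, Dict[str, str]], str]


def captcha_is_valid(token: Optional[str], remote_ip: Optional[str], post: PostFn) -> bool:
    """Return True only if a token is present AND the verification service confirms it."""
    # 1. Fail closed on a missing or empty token: the report's "remove the value" case.
    if not token or not isinstance(token, str):
        return False
    fields = {"secret": RECAPTCHA_SECRET, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    # 2. Ask the verification service; any transport or parse error counts as failure.
    try:
        body = json.loads(post(SITEVERIFY_URL, fields))
    except (ValueError, OSError):
        return False
    # 3. Require an explicit success and that the challenge was solved on our own site.
    if body.get("success") is not True:
        return False
    if body.get("hostname") != EXPECTED_HOSTNAME:
        return False
    return True


def handle_signup(form: Dict[str, str], remote_ip: Optional[str], post: PostFn) -> Dict[str, object]:
    """Signup handler stub: the captcha is checked before any account lookup, so the
    duplicate-email check cannot be driven by a script that never solves a captcha."""
    if not captcha_is_valid(form.get("g-recaptcha-response"), remote_ip, post):
        return {"status": 400, "error": "captcha verification failed"}
    return {"status": 201, "email": form["email"]}


# ---- constructed offline stand-ins for the verification service ----
def fake_post_accepting(url: str, fields: Dict[str, str]) -> str:
    """Simulates the service accepting a genuine token (constructed response)."""
    return json.dumps({"success": True, "hostname": EXPECTED_HOSTNAME,
                       "challenge_ts": "2017-07-04T00:00:00Z"})


def fake_post_rejecting(url: str, fields: Dict[str, str]) -> str:
    """Simulates the service rejecting a forged or replayed token (constructed response)."""
    return json.dumps({"success": False, "error-codes": ["invalid-input-response"]})


if __name__ == "__main__":
    form = {"email": "user@example.com", "password": "x"}
    print(handle_signup(form, "203.0.113.5", fake_post_accepting))   # no token -> 400
    form["g-recaptcha-response"] = "constructed-token-value"
    print(handle_signup(form, "203.0.113.5", fake_post_accepting))   # accepted -> 201
```

The design point is that the handler fails closed: a request with the token stripped (step 4 above) never reaches the account-creation or duplicate-email logic, and a token the service does not confirm is treated the same way as a missing one.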
Report Stats
- Report ID: 246801
- State: Closed
- Substate: resolved
- Upvotes: 17