SignUp With Fake Email
Medium
K
Khan Academy
Submitted None
Actions:
Reported by
rootbakar___
Vulnerability Details
Technical details and impact analysis
Hello KhanAcademy Security Team,
I'm rootbakar, I found an oddity that allows a user to register with Khanacademy using an invalid or fake email.
In this trial I used the email '[email protected]' and after pressing the **SIGN UP** button it will automatically enter the user dashboard page, not through the account verification process first.
This will enable someone to create multiple accounts at once without verification.
**PoC**
This is Video Link
https://youtu.be/mvxF1vQigLI
(Not Public Video)
Best Regards,
**RootBakar**
## Impact
**This will enable someone to create multiple accounts at once without verification.**
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Business Logic Errors