Enable 2FA without verifying the email
Medium
Moneybird
Reported by
rioncool22
Vulnerability Details
Technical details and impact analysis
# Description:
I am able to add 2FA to my account without verifying my email.
# Attack scenario:
1. Attacker signs up with the victim's email (the email verification will be sent to the victim's email).
2. Attacker is able to log in without verifying the email.
3. Attacker adds 2FA.
## Impact
The victim can't register an account with the victim's email. If the victim resets the password, the password will change, but the victim can't log in because of 2FA.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Uncontrolled Resource Consumption
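
One way to close the gap the report describes, as an added example that is not from the report or from Moneybird's code: refuse 2FA enrollment until the email address is verified, and clear any second factor that was enrolled on a never-verified address when a password reset proves mailbox ownership. The `Account` model, the function names and the decision to treat a completed reset as mailbox proof are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class EmailNotVerified(Exception):
    """Raised when 2FA enrollment is attempted before email verification."""


@dataclass
class Account:  # hypothetical model, not the vendor's schema
    email: str
    email_verified: bool = False
    totp_secret: Optional[str] = None  # set once 2FA is enrolled


def enroll_2fa(account: Account, totp_secret: str) -> None:
    # Gate: only someone who has proven control of the mailbox may
    # lock the account behind a second factor.
    if not account.email_verified:
        raise EmailNotVerified("verify the email address before enabling 2FA")
    account.totp_secret = totp_secret


def complete_password_reset(account: Account) -> None:
    # Assumption: this runs only after the reset link delivered to
    # account.email was followed, which proves control of the mailbox.
    if not account.email_verified:
        # Defense in depth for rows created before the gate existed:
        # a factor enrolled on a never-verified address cannot belong
        # to a proven mailbox owner, so drop it.
        account.totp_secret = None
    account.email_verified = True


def can_log_in(account: Account, password_ok: bool, totp_ok: bool) -> bool:
    if not password_ok:
        return False
    # The second factor is required only when one is enrolled.
    return totp_ok if account.totp_secret else True


if __name__ == "__main__":
    # Constructed sample: an unverified signup like step 1 of the report.
    acct = Account(email="victim@example.test")
    try:
        enroll_2fa(acct, "CONSTRUCTED-SECRET")
    except EmailNotVerified as exc:
        print("enrollment refused:", exc)
```

A factor enrolled after verification is left untouched by `complete_password_reset`, so a legitimate owner's 2FA survives a password reset.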