Retrieving the password exists in the mailbox bombing

After I deployed NextCloud, I found that I could reset the password for an unlimited number of times at the place where the password was retrieved, which would leave loopholes for some criminals, resulting in high service performance of the system and serious paralysis. I wonder how this place can be optimized

cc @ChristophWurst @LukasReschke

1 Like

Uh, are these two bigwigs? :upside_down_face: For help ~ :astonished:

During the password recovery step, you can keep sending emails and cause the system mailbox service to crash

If I need to modify the source code, where is the source code path?

No good samaritans on the official platform? :sob: