Comment by zephyreon
I was able to submit an edit request for the lynxboo link by guessing the email on record was hello@lynx.boo.
This seems like it could be abused pretty easily. Not necessarily insecure but I could get a lot of spam no?
I was able to submit an edit request for the lynxboo link by guessing the email on record was hello@lynx.boo.
This seems like it could be abused pretty easily. Not necessarily insecure but I could get a lot of spam no?
I had thought about this a bit, I don't think it's any different (and actually even more secure) than someone putting in your email in a "Lost Password" field. In that case you just have to guess that email is registered on the site, in my case you have to know the email is registered to this specific Lynx.
It could be annoying but it seems an edge case to be abused.