by miccah 1915 days ago
The vulnerability lies in the registration page disclosing that information. To show absolutely no signs, you would accept the registration with a message: "An email has been sent to the provided address."

Obviously this is less convenient and arguably not a critical vulnerability for GitHub. The good news is, the registration page doesn't disclose which account an email address is associated with.
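
The uniform-response registration flow described in the comment above, next to the disclosing variant, as an added example that is not part of the original comment. The `Registry` class, its method names, the status codes and the in-memory store and outbox are all hypothetical stand-ins for a real user table and mail queue.

```python
import secrets

# Assumed generic reply, using the wording suggested in the comment.
GENERIC = {"status": 202, "body": "An email has been sent to the provided address."}

class Registry:
    """Hypothetical in-memory stand-in for a user table and a mail queue."""
    def __init__(self):
        self.users = set()    # confirmed accounts
        self.pending = {}     # confirmation token -> email
        self.outbox = []      # (recipient, kind); only the mailbox owner sees these

    @staticmethod
    def _norm(email):
        return email.strip().lower()

    def _start_signup(self, email):
        token = secrets.token_urlsafe(32)
        self.pending[token] = self._norm(email)
        self.outbox.append((self._norm(email), "confirm_link"))
        return dict(GENERIC)

    def register_leaky(self, email):
        # Disclosing variant: the HTTP response reveals that the address is known.
        if self._norm(email) in self.users:
            return {"status": 409, "body": "Email is already registered."}
        return self._start_signup(email)

    def register_uniform(self, email):
        # Same status and body on both branches; the difference goes to the inbox.
        if self._norm(email) in self.users:
            self.outbox.append((self._norm(email), "already_registered_notice"))
            return dict(GENERIC)
        return self._start_signup(email)

    def confirm(self, token):
        # The account is created only after the mailbox owner follows the link.
        email = self.pending.pop(token, None)
        if email is None:
            return False
        self.users.add(email)
        return True
```

Both branches of `register_uniform` only enqueue a message, so they do comparable work; sending mail inline on one branch would reintroduce the signal through response time.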