It's acceptable to "fix" this by changing the spec, for example, by enabling open sign-ups for all email addresses (not showing the "we went viral" for Gmail accounts), across environments including staging and prod.
See related vulnerability report from our pen testers.
This needs to be fixed before we can request a re-test and get a clean pen test report.
CleanlabAI_Web_App_Pentest_Report.pdf