Bug #44

closed

Forgot Password Page Allows Unlimited OTP Verification Attempts

Added by Vivek Kumar 28 days ago. Updated 28 days ago.

Status: Closed
Priority: Urgent
Assignee: -
Start date: 03/24/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

On the Forgot Password page, users can enter OTP multiple times without any restriction. The UI does not enforce any attempt limit, cooldown, or lockout, allowing unlimited OTP verification attempts.

Environment
URL: https://dev.akinderwellness.com/pages/forgotPassword
Environment: Development
Browser: Chrome (Windows)

Steps to Reproduce

  1. Navigate to: https://dev.akinderwellness.com/pages/forgotPassword
  2. Enter a valid email and request OTP
  3. Enter incorrect OTP
  4. Repeat step 3 multiple times

Expected Result
After a limited number of attempts (e.g., 3–5):

  • User should be blocked temporarily OR OTP should expire
  • UI should show message like: “Too many attempts. Please try again later.”

Actual Result
Unlimited OTP attempts allowed
No error for excessive attempts
No cooldown or lockout
UI continues accepting OTP indefinitely
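
The behaviour listed under Expected Result, as an added example that is not part of the original report or the application's code. It keeps the limit on the server, since a check that lives only in the UI does not constrain requests sent straight to the verification endpoint. The class name `OtpGuard`, the in-memory storage and the constants (5 attempts, 300 s OTP lifetime, 900 s cooldown) are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed limit; the report suggests 3-5
OTP_TTL_S = 300    # assumed OTP lifetime in seconds
LOCKOUT_S = 900    # assumed cooldown after too many failures


class OtpGuard:
    """Server-side OTP check with expiry, attempt limit and cooldown."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}       # email -> (otp, expires_at)
        self._failures = {}      # email -> wrong guesses; survives re-issue
        self._locked_until = {}  # email -> end of cooldown

    def _locked(self, email):
        return self._locked_until.get(email, 0.0) > self._clock()

    def issue(self, email):
        """Create an OTP, or return None while the account is cooling down."""
        if self._locked(email):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = (otp, self._clock() + OTP_TTL_S)
        return otp  # a real service e-mails this instead of returning it

    def verify(self, email, candidate):
        """Return 'ok', 'invalid', 'expired' or 'locked'."""
        if self._locked(email):
            return "locked"
        otp, expires_at = self._pending.get(email, ("", 0.0))
        if expires_at <= self._clock():
            self._pending.pop(email, None)
            return "expired"
        if hmac.compare_digest(otp.encode(), candidate.encode()):
            del self._pending[email]          # single use
            self._failures.pop(email, None)
            return "ok"
        self._failures[email] = self._failures.get(email, 0) + 1
        if self._failures[email] >= MAX_ATTEMPTS:
            del self._pending[email]          # burn the OTP
            self._failures.pop(email)
            self._locked_until[email] = self._clock() + LOCKOUT_S
            return "locked"
        return "invalid"
```

The failure counter is keyed by account and is not reset when a new OTP is requested, so re-requesting a code does not grant a fresh set of guesses. The "locked" result is what the UI would map to the "Too many attempts. Please try again later." message.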



Actions #1

Updated by Adhi Narayanan 28 days ago

Actions #2

Updated by Vivek Kumar 28 days ago

  • Status changed from Resolved to Closed