The system performs a partial check on the uniqueness of email addresses, as it does not properly filter the "+" character. As a result, "firstname.lastname@example.org", "email@example.com" and "firstname.lastname@example.org" are considered independent despite the fact that they all represent the "email@example.com" email account. This lack of validation could cause two independent accounts to be linked to the same email address.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation