R131. Deny multiple password changing attempts


Passwords are not allowed to be changed more than once in the same day.


  1. OWASP-ASVS v3.1-2.8 Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy