During an automated security audit of the edX platform code, we discovered a bug in the email verification and account activation process. This bug allows a malicious user to activate an account with an unverified (invalid or someone else’s) email address.
Read the full security announcement here: https://open.edx.org/announcements/security-alert-account-activation-unverified-email Thanks, Adam -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/CAESNvk%2BqHQu5Ktr4s8Wp%3D6Oieq2Zz8wS6WGcsE5QMzsTM3265g%40mail.gmail.com.
