*Summary
The Katalon Platform registration system allows users to create new accounts using disposable email addresses (e.g., mailinator.com). This issue can lead to abuse of the free trial feature and license fraud, since attackers can bypass restrictions by repeatedly registering accounts with temporary email addresses.
Based on my other bug report post, TestOps - Bypass of Disabled Input Fields via HTML Manipulation.
*Steps to reproduce
- Go to the Katalon registration page; example: https://testops.katalon.io
- Use a disposable email service, such as mailinator.com, to create a new email address.
- Register a new Katalon account with this disposable email address.
- Complete the registration process and gain access to the 30-day free trial.
- Repeat the process with another disposable email address to obtain unlimited free trials.
*Expected Results
The registration system should restrict the use of disposable email addresses and prevent account creation using such emails.
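One way to implement the restriction described above, as an added example that is not Katalon's code: a server-side check that normalises the submitted address and rejects any domain that is, or is a subdomain of, a known disposable provider. The blocklist is a constructed sample; a real deployment would load and refresh a maintained list.

```python
"""Server-side rejection of disposable-email domains at registration."""
import re
from typing import Optional

# Constructed sample blocklist (not a real maintained list).
DISPOSABLE_DOMAINS = frozenset({
    "mailinator.com",
    "guerrillamail.com",
})

# Permitted characters in the local part (after lower-casing).
_LOCAL_RE = re.compile(r"^[a-z0-9.!#$%&'*+/=?^_`{|}~-]+$")


def email_domain(address: str) -> Optional[str]:
    """Return the lower-cased, IDNA-normalised domain, or None if malformed."""
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.rsplit("@", 1)
    if not _LOCAL_RE.match(local.lower()):
        return None
    try:
        # IDNA encoding rejects empty labels such as "a..b" and over-long labels.
        domain = domain.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    if not domain or "." not in domain:
        return None
    return domain


def is_disposable(address: str, blocklist=DISPOSABLE_DOMAINS) -> bool:
    """True if the domain or any parent domain is blocklisted.

    Checking parent domains catches variants such as user@foo.mailinator.com.
    """
    domain = email_domain(address)
    if domain is None:
        return False
    labels = domain.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def validate_signup_email(address: str) -> tuple:
    """Return (accepted, reason) for a registration attempt."""
    if email_domain(address) is None:
        return (False, "malformed address")
    if is_disposable(address):
        return (False, "disposable email domains are not permitted")
    return (True, "ok")
```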
*Actual Results
Users can successfully register accounts using disposable email addresses, gaining repeated access to free trials.
*Screenshots / Videos
Number of affected users?
Potentially all users attempting to register with disposable email services.
*Operating System
Not applicable (Web-based issue).
*Katalon Studio version
Not applicable.
*Katalon Studio logs
Not applicable.