VULNERABILITY DETAILS
I have an existing account that is vanessa.esquibal@gmail.com then I created a new account that is vanessaesquibal@gmail.com with a different password from my first or personal email address. I used my newly created account to a mobile app and I wonder why I am receiving the email confirmation to my personal email. I tried to open my second account with its correct password, but I can't open my account then I also tried to trouble shoot the password for vanessaesquibal@gmail.com, and I found out that vanessa.esquibal@gmail.com is asking for reset password instead of vanessaesquibal@gmail.com so I tried to use my personal password that I'm using for vanessa.esquibal@gmail.com and I was able to open my second account. I also tried to replicate my issue in Mozilla Firefox.

VERSION
Chrome Version: Version 49.0.2623.87 m + stable
FireFox Version: 44.0.2
Operating System: Windows 7 Enterprise


REPRODUCTION CASE
1. Create a first account e.g. vanessa.esquibal@gmail.com
2. Create a second account e.g. vanessaesquibal@gmail.com with a different password from your first account.
3. Send email to your second account and then check if you are able to received the sent email to your second account. (if you are not able to open your second account, use your first account password for your second account)
4. Notice that I can't open my second account using its original password and I was able to open my first account email address.


Please see the attached screenshot for your reference.

 

Deleted: screenshot.jpg 109 KB

	screenshot.jpg 109 KB View Download