Hello @khanacademy,
Anyone can create unlimited fake accounts using temp mails. i,e https://temp-mail.org/en/
1- Go to https://temp-mail.org/en/
2- Select an mail
3- Enter that mail while creating an account in khanacademy
4- You will get confirm mail from khanacademy on https://temp-mail.org/en/
Impact:
One day attacker will create 1000+ accounts using some technique like, bruteforce.
then, all usernames will locked. @khanacademy will only allow *gmail.com,*yahoo.com ..etc trusted domains. not temp mails. in create account section.
Thanks,
@sameerphad72
.