The offer_account_by_email function in User.pm in the WebService for
Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of
the createemailregexp parameter, which allows remote attackers to bypass
intended restrictions on account creation.